Security audit

ClawVault

Security checks across malware telemetry and agentic risk

Overview

ClawVault is a disclosed local memory and recovery tool, but enabling its hooks means past session and vault context can be automatically reused in future agent prompts.

Install only if you want persistent agent memory. Review the hook before enabling it, choose the vault path deliberately, avoid storing secrets or unrelated private history in the vault, and leave GEMINI_API_KEY unset unless sending transcript-derived content to Gemini is acceptable for your work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 88%
Finding
The hook is explicitly designed to inject vault-derived context into session messages at session start, but the documentation shows this happening automatically and does not describe any consent, scoping, redaction, or privacy warning. Because the injected data comes from prior session state and may be surfaced into a new prompt, it can unintentionally expose sensitive information across tasks, users, or contexts if the vault contains secrets or private history.

VirusTotal

66/66 vendors flagged this skill as clean.