ClawHub

SPIRIT State Sync

Security checks across malware telemetry and agentic risk

Overview

SPIRIT is a clearly disclosed backup/sync skill for agent state, but users should treat it as sensitive because it can repeatedly upload memory and project files to a private Git repository.

Install only if you intentionally want agent identity, memory, and project files backed up to Git. Use a dedicated private repository, inspect and narrow `.spirit-tracked`, avoid secrets in synced files, verify the external SPIRIT installer or Homebrew tap, and enable cron or auto-backup only if you want continuous background syncing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The scheduled sync section instructs users to run automatic background synchronization of identity, memory, and project files to a remote Git repository, but it does not prominently warn that this may continuously exfiltrate sensitive data. In the context of a tool explicitly designed to preserve agent state and memory, automatic periodic sync materially increases the chance of unintended disclosure if the repository, remote, or tracked file patterns are misconfigured.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The guide instructs users to set up unattended recurring backups to a private Git repository without clearly warning that data may be captured while files are actively changing and transmitted off-host on a schedule. In a state-preservation tool, this can unintentionally leak sensitive workspace contents, credentials, prompts, or inconsistent snapshots if users do not understand the privacy and integrity implications of automated sync.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The built-in auto-backup daemon is presented as a simple feature to enable, but the documentation does not warn that it performs background backups of agent state and project data over time. For a tool explicitly designed to preserve identity, memory, and projects, silent or poorly understood background collection materially increases privacy and data-exfiltration risk if the repository, host, or credentials are misconfigured or compromised.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal