Mem

Security checks across malware telemetry and agentic risk

Overview

This Mem skill is not clearly malicious, but it gives an agent broad authenticated ability to read, change, or delete Mem data without sufficient safety boundaries.

Install only if you are comfortable giving Membrane and your agent delegated access to your Mem workspace. Prefer discovered Membrane actions over raw proxy requests, require explicit confirmation before create/edit/delete or non-GET proxy calls, and revoke the Membrane connection when you no longer need it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding
The skill is presented as a Mem-specific data integration, but the instructions primarily expose generic Membrane connection management and API access patterns. That mismatch can cause an agent or user to authorize broader external connectivity and capabilities than the manifest suggests, increasing the chance of overbroad use and unintended data access.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The documented proxy request feature allows direct requests through Membrane beyond the declared Mem-specific action set. This expands the skill from a scoped integration into a more general authenticated request channel, which can enable unintended reads, writes, or destructive operations against external APIs if invoked too broadly.

Vague Triggers

Medium
Confidence: 78%
Finding
The invocation description is broad enough that an agent could route many loosely related Mem requests into this skill without clear operational boundaries. In the presence of create, edit, delete, and proxy capabilities, vague triggering increases the risk of unnecessary data exposure or unintended state-changing actions.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill advertises delete operations for Mems, Collections, and Tags without any guidance to confirm user intent before destructive actions. An agent following this documentation could perform irreversible changes based on ambiguous prompts or mistaken routing.

Missing User Warnings

Medium
Confidence: 93%
Finding
Direct API proxying is documented as a general fallback without any warning that such requests transmit data externally and may perform arbitrary destructive operations. This is especially risky because it bypasses the narrower semantics of the prebuilt actions and can be used to issue raw authenticated requests.

VirusTotal

65/65 vendors flagged this skill as clean.