Memory Manager Pro (Memory Index Management)

Security checks across malware telemetry and agentic risk

Overview

This skill is a local Markdown-based memory and task organizer that openly creates and updates workspace files for that purpose.

Install this only in workspaces where you want an agent to maintain local memory and task files. Review keyword mappings before bulk or cross-skill updates, avoid storing secrets in memory/task records, and keep backups for important project files.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (7)

Context-Inappropriate Capability

Medium, 91% confidence
The skill’s documented workflow extends beyond organizing memory into actually reading project files, executing task steps, and generating new planning artifacts. That scope creep increases the chance the skill will be invoked to perform substantive content or project work under the guise of memory management, which can cause unintended side effects and privilege expansion in agent orchestration.

Context-Inappropriate Capability

Medium, 93% confidence
The external interface allows other skills to trigger multi-file updates, task completion, task creation, and inferred path operations based on semantic deduction. This creates a broad side-effect surface where another skill can indirectly cause workspace modifications beyond simple index maintenance, making cross-skill abuse or accidental overreach more likely.

Vague Triggers

Medium, 92% confidence
The trigger phrases are broad enough to match ordinary project-management or organizational requests, which can cause the skill to activate unexpectedly. In this skill's context, unexpected activation is risky because the README explicitly describes creating directories, files, and updating indexes, so an accidental trigger could lead to unintended workspace changes.

Missing User Warnings

Medium, 95% confidence
The README describes automatic creation of directories, files, and task/index updates without warning that the skill mutates workspace state. This is dangerous because users may interpret the skill as advisory, while it can actually write persistent data and alter project structure, increasing the chance of accidental overwrites, clutter, or integrity issues.

Missing User Warnings

Medium, 96% confidence
The external skill update interface allows cross-skill modification of memory indexes but the README provides no privacy, integrity, or authorization warning. In context, this is more dangerous because the skill acts as a central memory/index manager, so a connected skill could poison indexes, alter task state, or expose sensitive project metadata across projects.

Vague Triggers

Medium, 84% confidence
The trigger phrases include generic terms like 'task planning' and 'memory management', which are common in ordinary conversation and may cause the skill to activate unintentionally. Because this skill performs file writes and task mutations, accidental invocation can lead to unrequested workspace changes or interference with unrelated workflows.

Missing User Warnings

Medium, 95% confidence
The skill immediately instructs creation and modification of directories and files but does not clearly warn that using the skill will write to the workspace. Users or calling agents may assume this is advisory documentation rather than an active write-capable procedure, increasing the risk of silent or surprising state changes.

VirusTotal

63/63 vendors flagged this skill as clean.
