ClawHub

Chat Memory Archiver

Security checks across malware telemetry and agentic risk

Overview

The skill is local and mostly purpose-aligned, but it can export sensitive chat-log content without the redaction or confirmation its instructions promise.

Install only if you are comfortable giving it access to the specific session logs you select. Review outputs before sharing or syncing them, and do not rely on the promised password/key confirmation because the provided script does not implement it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill description clearly indicates local session ingestion and export capabilities, which implies reading input logs and writing output artifacts, but it does not declare any corresponding permissions. Undeclared file read/write capability weakens transparency and policy enforcement: a user or platform may authorize the skill without realizing it can access local files and persist extracted content, including sensitive chat data.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script reads complete chat/session logs and then republishes extracted content to stdout or disk with no consent prompt, redaction, or sensitivity warning. In a chat-memory archiver, logs are likely to contain secrets, personal data, credentials, or internal discussions, so this creates a real confidentiality risk through accidental exposure rather than an exploit in code execution terms.

Ssd 3

Medium
Confidence
95% confidence
Finding
The tool is explicitly designed to preserve and republish structured memories from chat sessions, including preferences, decisions, knowledge, and risks, which may embed sensitive or identifying information. In this skill context, that behavior is core functionality, but it still represents a privacy/security vulnerability if retention, minimization, and sanitization controls are absent because sensitive chat content is systematically extracted and made easier to search and share.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal