ClawHub

Session Archiver Pro

Security checks across malware telemetry and agentic risk

Overview

This skill locally summarizes user-provided chat logs and can format selected excerpts for memory import, but it does not hide that capability or automatically transmit, install, or inject data.

Install only if you are comfortable giving it chat logs you choose. Review or redact transcripts before processing, and do not import memory-inject JSON into any long-term agent memory without checking for secrets, private details, false claims, or prompt-injection content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The documented `memory-inject` output format materially expands the skill from passive summarization into producing artifacts intended for direct ingestion into an agent’s long-term memory. That creates a trust-boundary shift: downstream agents may import unverified extracted content as durable context, enabling persistence of prompt-injected, incorrect, or policy-violating data beyond the original session.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The skill metadata promises Markdown, JSON, and Obsidian outputs, but the code also exposes a separate "memory-inject" mode that converts session content into long-term memory entries. In a tool explicitly designed to process chat transcripts, this hidden or under-disclosed persistence/export pathway increases the chance that sensitive user and assistant content will be repurposed beyond the user's expectations.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This skill is designed to extract, consolidate, link, and persist information from AI chat sessions, including preferences, risks, and decision history, which can contain sensitive personal, business, or security-relevant data. Without an explicit privacy warning, users may unknowingly feed confidential logs into a process that creates durable secondary artifacts and cross-session memory, increasing exposure, retention, and accidental disclosure risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
Describing a `memory-inject` format without warnings normalizes direct writing of extracted session content into agent long-term memory, even though the source material may contain adversarial instructions, false facts, sensitive data, or manipulative preferences. In this skill’s context—extracting decisions, knowledge, preferences, and risks from AI chats—the danger is elevated because it explicitly transforms potentially untrusted conversations into persistent agent state.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script reads arbitrary session logs and re-emits extracted snippets, summaries, preferences, risks, and other content with no warning, consent flow, or sensitivity screening. Because chat logs often contain credentials, personal data, business plans, or other confidential material, transforming and exporting them as structured memory can leak or amplify sensitive information into downstream systems.

Ssd 3

Medium
Confidence
98% confidence
Finding
The memory-injection formatter explicitly packages extracted decisions, knowledge, and preferences from chat sessions into reusable long-term memory entries without any filtering for secrets, private data, or contextual sensitivity. This is dangerous because it can permanently propagate sensitive transcript content into agent memory stores, making accidental retention, later disclosure, or unsafe reuse substantially more likely.

Ssd 3

Medium
Confidence
94% confidence
Finding
The overall tool is built to summarize and export broad conversational content, including preferences and risks, with no data-minimization rules or category-level safeguards. In the context of an archiving skill for AI chat sessions, that design materially increases privacy and confidentiality risk because users may feed highly sensitive transcripts and the tool will preserve and repackage them across multiple output formats.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal