Conversation Memory Sync

Security checks across malware telemetry and agentic risk

Overview

This skill has a clear memory-sync purpose, but it broadly preserves private conversation history, its helper scripts are missing, and it has no retention or redaction controls.

Install only if you intentionally want agent conversations copied into persistent local files. Before enabling it, obtain and review the missing scripts, limit which agents and transcript paths are included, redact secrets or personal data, set retention/deletion rules, and make clear that memory logs are reference material rather than trusted instructions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill explicitly states it extracts the last 300 messages from every agent session and writes them into persistent markdown files, but it does not present any warning about the privacy and retention implications of capturing all user↔agent messages. This is dangerous because users may disclose sensitive information under the assumption of ephemeral chat behavior, while the skill silently creates durable plaintext copies that can later be read, reused, or exposed to other tools and agents.

Ssd 3

Medium
Confidence: 98%
Finding
The skill instructs operators to continuously log all user-agent messages and then mandates that future sessions read those logs before doing anything else, creating a durable natural-language memory channel across sessions. In context, this increases risk because sensitive user content, prior instructions, secrets, and injected text can persist outside the original session boundary and influence later agent behavior, expanding both privacy exposure and prompt-injection persistence.

VirusTotal

64/64 vendors flagged this skill as clean.
