Safe Memory Manager

Security checks across malware telemetry and agentic risk

Overview

This local memory helper does not show exfiltration or destructive behavior, but its security and integrity claims are stronger than what the code actually enforces.

Review this carefully before installing if you plan to rely on it for security. Use it only with a dedicated memory directory, avoid storing secrets, and do not treat its ISNAD label or regex sanitizer as a strong protection against prompt injection or tampering.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Severity
Medium
Category
MCP Least Privilege
Confidence
93%
Finding
The skill advertises security-sensitive behavior and includes Python usage that performs file reads/writes and references startup integrity checks, yet it declares no permissions. This mismatch can cause downstream systems or reviewers to underestimate the skill's actual capabilities. That is especially risky because the skill handles untrusted text and claims to mitigate prompt injection: undeclared file access, and possibly shell access, becomes more dangerous if the implementation is flawed or abused.

Intent-Code Divergence

Severity
Medium
Confidence
94%
Finding
The code presents `_verify_integrity()` as a cryptographic self-verification mechanism, but `append_memory()` continues to operate even when verification fails. This creates a false sense of trust: consumers may rely on `isnad_verified` branding while the skill still reads and writes memory in an unverified state, enabling tampered or substituted code to function normally.

VirusTotal

65/65 vendors flagged this skill as clean.
