ClawHub

MemOS Cloud Integration

Security checks across malware telemetry and agentic risk

Overview

This memory skill is not clearly malicious, but it sends conversation-derived queries to a cloud memory service and depends on unreviewed local helper code with weak disclosure and scoping.

Review before installing. Only use this if you trust the MemOS Cloud service and can verify the missing `memos-api.js` helper locally. Avoid storing secrets, credentials, regulated data, or sensitive project details, and prefer explicit manual memory actions over broad automatic recall or storage.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The README states that important information may be automatically stored to MemOS Cloud, which exceeds the declared recall-only purpose of this skill context and normalizes silent data transmission. In a memory plugin handling prior conversations and preferences, undocumented or ambiguously scoped auto-storage increases the risk of users or operators exposing sensitive data without informed consent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README describes automatic storage of 'important information' to a remote cloud service without a clear privacy warning, data classification guidance, or consent boundary. Because this plugin is explicitly intended to capture previous conversations, preferences, and decisions, the context makes the issue more dangerous: highly sensitive personal or project data could be uploaded off-device unintentionally.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger conditions are broad and ambiguous, such as matching common phrases like "before" or "previously," which can cause the skill to activate when the user did not intend memory recall. In this skill, unintended activation is more dangerous because it can send user queries or derived context to MemOS Cloud, creating avoidable privacy and data-minimization risks.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill instructs the agent to send `user_query` to an external cloud service without informing the user that their input or summarized context may be transmitted off-platform. Because the purpose of the skill is to recall prior conversational memory, the transmitted content may include sensitive personal preferences, history, or confidential context, making the privacy impact significant.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The instruction to fail silently on API errors hides from the user that memory recall did not occur, which can mislead them about the basis and reliability of the response. In a context-dependent memory skill, this reduces transparency and can cause incorrect or fabricated-seeming answers to be presented as if informed by prior records.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal