Ichiro-Mind

Security checks across malware telemetry and agentic risk

Overview

This appears to be a persistent memory skill, but it automatically stores conversation-derived information without clear consent, retention, or deletion controls.

Install only if you intentionally want long-term local memory. Before using it, confirm where it writes data, how to disable auto-capture, and how to review and delete stored memories. While it is active, avoid sharing secrets, credentials, health, financial, or other sensitive details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (11)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill clearly describes persistent storage and file-backed memory artifacts such as SESSION-STATE.md, MEMORY.md, and daily logs, yet it declares no permissions for file read/write behavior. This creates a transparency and consent gap: users and host systems may not realize the skill can persist and retrieve data from disk, including conversation-derived memory.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill advertises automatic capture and persistent memory behavior but does not prominently warn users that conversation content may be stored long-term. This is dangerous because users may share sensitive information assuming ephemeral handling, while the system is designed to retain preferences, history, and other personal context.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly describes automatic capture of conversation content and persistent storage of user preferences and other memories, but does not present any clear privacy notice, consent flow, retention limit, or deletion controls in this document. In a memory system designed for long-term, cross-session recall, that omission increases the risk of collecting and retaining sensitive personal data without informed user awareness.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The memory system persists arbitrary user-provided content to local files and databases, but the write paths do not provide any explicit disclosure, consent, or sensitivity checks at the point of storage. In an agent memory skill, this creates a privacy and compliance risk because users or downstream operators may not realize conversations, secrets, or personal data are being retained long-term.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The auto_capture routine parses free-form text for preferences and decisions and stores the inferred results without warning or confirmation. This is more dangerous than explicit storage because it silently converts conversational text into persistent memory, increasing the chance of capturing sensitive disclosures, mistaken inferences, or private behavioral data.

Ssd 3

Medium
Confidence
94% confidence
Finding
The instruction 'Write BEFORE responding' directs the agent to persist information prior to answering, which can cause sensitive user data to be stored automatically without contextual consent checks. Because this happens before response-time filtering or user confirmation, accidental retention of secrets, regulated data, or irrelevant personal details becomes more likely.

Ssd 3

Medium
Confidence
97% confidence
Finding
The skill explicitly supports auto-capturing conversation text into a persistent memory system without defining privacy boundaries, minimization rules, or sensitive-data exclusions. In a memory skill, this context makes the issue more dangerous because the core feature is broad, repeated retention of user-generated content across sessions, increasing privacy, surveillance, and data leakage risk.

Ssd 3

Medium
Confidence
90% confidence
Finding
The use-case framing encourages long-term collection of preferences, history, relationships, and personal quirks, normalizing expansive profiling without discussing necessity, proportionality, or consent. In a persistent memory skill, this increases the likelihood of over-collection and creation of detailed user dossiers that may later be misused or exposed.

Ssd 3

Medium
Confidence
94% confidence
Finding
The skill is designed to retain and later recall arbitrary natural-language content across multiple persistence layers, including files and SQLite databases. In the context of a persistent AI memory system, this materially increases the risk of retaining secrets, personal data, or sensitive conversation history that could later be exposed through recall, local compromise, backups, or unintended reuse by the agent.

Ssd 3

Medium
Confidence
97% confidence
Finding
Automatic extraction of preference and decision statements from free-form text enables silent capture of user disclosures that the user may not have intended to store as persistent memory. Because these inferred memories are then routed into durable storage, the feature can accumulate sensitive profile data and make later leakage or misuse more likely.

Session Persistence

Medium
Category
Rogue Agent
Content
```
- [ ] Implement MCP interface

## Pending Actions
- [ ] Write SKILL.md
- [ ] Create Python core
```
Confidence
74% confidence
Finding
Write SKILL.md - [ ] Create Python core ``` **WAL Protocol**: Write BEFORE responding, not after. ### WARM Layer — Neural Graph Associative memory with spreading activation. ```python # Store with

VirusTotal

65/65 vendors flagged this skill as clean.
