ClawHub

ia-reflect

Security checks across malware telemetry and agentic risk

Overview

This retrospective skill is instruction-only and its memory-saving behavior is disclosed and mostly user-directed, but users should be careful about what they allow it to remember.

Install this if you want a retrospective helper that can save selected lessons for future chats. Before approving any memory write, review the exact content and avoid storing secrets, credentials, customer data, private URLs, or sensitive personal information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill directs the agent to write approved items into persistent memory files under ~/.claude/projects/... but does not require an explicit disclosure that this creates durable on-disk storage. That can cause users to approve retention without understanding scope, persistence, or where the data will be stored, increasing privacy and consent risk.

Ssd 3

Medium
Confidence
92% confidence
Finding
The skill instructs the agent to scan the full conversation for learnings and later persist selected content, which creates a broad data collection surface from natural-language chat history. Even if intended for helpful memory, this increases the chance that sensitive or unnecessary user/project information is retained beyond the session.

Ssd 3

High
Confidence
98% confidence
Finding
The `remember:` rule says to treat everything after the prefix as a memory candidate with no interpretation and save it directly, which bypasses safety filtering and data-minimization judgment. A user could accidentally include secrets, personal data, proprietary material, or attacker-injected content that then gets stored persistently verbatim.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal