Chroma Memory

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for CRM memory, but it persistently stores sensitive customer conversations and CRM data with unclear consent, retention, and protection controls.

Install only if you are comfortable with customer conversations, identifiers, and CRM snapshots being stored locally for later recall. Before using it with real customer data, confirm where the files are written, who can access them, how to disable automatic memory, and how to delete or limit retained records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill explicitly stores every conversation turn and customer phone numbers in long-term vector memory, but the description does not warn users that sensitive conversational content and identifiers will be retained beyond the current session. This creates a privacy and compliance risk because operators may enable or use the skill without informed consent, data-minimization review, or awareness of retention behavior.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The command descriptions indicate that storage and recall are auto-triggered by hooks or elapsed time, but there is no explicit warning that these actions can occur without direct user invocation. Automatic persistence and retrieval of customer conversation data increases the chance of silent collection, unexpected disclosure in later sessions, and misuse in environments with strict privacy expectations.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The code persistently stores raw customer and agent conversation content, customer identifiers, timestamps, and derived tags to local JSON files without any notice, consent flow, retention control, or protection mechanism. In this skill context, the stored data is explicitly conversational memory for CRM-like interactions, so it is likely to contain personal data, business-sensitive content, and sales commitments; local persistence increases exposure to unauthorized access, accidental backup leakage, and compliance/privacy issues.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The snapshot function writes CRM data supplied via CLI or environment variable directly to disk, including potentially sensitive pipeline details, without warning or safeguards. In this context, CRM snapshots may contain lead counts, statuses, and possibly full raw records, so storing them locally as JSON creates a meaningful confidentiality and compliance risk, especially because environment-provided secrets or data may be unintentionally retained on disk.

VirusTotal

67/67 vendors flagged this skill as clean.
