Memory

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local memory organizer that stores user-approved notes in a plaintext ~/memory folder, with no evidence of hidden exfiltration or malicious behavior.

Install only if you want an agent-maintained plaintext memory folder at ~/memory. Avoid saving passwords, tokens, regulated data, or sensitive personal details unless you intentionally want them persisted locally, and review exactly what is copied before enabling built-in-memory sync.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium (91% confidence)
Finding
The template explicitly encourages storing personal profiles, relationship context, communication style, and interaction history for named individuals, but provides no guidance on consent, minimization, retention, access controls, or avoiding sensitive data. In a memory skill whose purpose is long-term organized storage, this increases the chance that users will accumulate privacy-sensitive personal data in plaintext files that may later be exposed, synced, or mishandled.

Missing User Warnings

Medium (95% confidence)
Finding
The skill explicitly instructs the agent to create and populate files under ~/memory/ but does not tell the user that this causes local filesystem writes and persistent storage of their data. That creates a privacy and consent problem because users may believe they are only interacting conversationally, while the agent is actually materializing long-term records on disk.

Missing User Warnings

Medium (96% confidence)
Finding
The skill proposes syncing built-in memory into a separate personal memory store without a clear privacy warning about duplicating existing personal data into another persistence layer. Copying preferences, decisions, and contacts into a new store increases exposure and can surprise users if they did not intend prior information to be replicated externally or durably.

Ssd 3

Medium (94% confidence)
Finding
The instructions encourage copying prior built-in memory, including sensitive categories like preferences and contacts, into a separate long-term repository without minimization, necessity checks, or safeguards. In context, this makes the skill more dangerous because it is a memory-management tool whose core function is to accumulate and retain data, increasing the likelihood of overcollection and unnecessary persistence.

Ssd 3

Medium (93% confidence)
Finding
The skill directs the agent to immediately store whatever the user provides as a first memory entry, without screening for sensitive data, confirming scope, or clarifying persistence. This can lead to accidental capture of secrets, health information, financial details, or other sensitive content that the user shares casually during setup.

VirusTotal

64/64 vendors flagged this skill as clean.