Smart Memory

Security checks across malware telemetry and agentic risk

Overview

This is a real local memory helper, but it automatically stores broad personal and technical data, including possible API keys, with weak deletion and disclosure controls.

Install only if you intentionally want the agent to keep a long-term local memory. Do not let it store API keys, passwords, private server details, regulated personal data, or anything that must be erased immediately unless the skill is changed to require explicit approval, redact secrets, avoid stdout disclosure, and provide hard-delete controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Intent-Code Divergence

Severity: Medium
Confidence: 97%
Finding
The skill promises immediate deletion for forget requests, but elsewhere states the data is only soft-deleted and retained in archive for 30 days. This creates deceptive privacy behavior and can lead users to disclose sensitive information under a false assumption that it can be immediately erased.

Intent-Code Divergence

Severity: Low
Confidence: 77%
Finding
The skill encourages storage of highly sensitive data such as API keys while also claiming no sensitive data appears in logs, yet it documents token-savings logging without defining safeguards. Even if the log event only stores counts, the lack of logging boundaries and redaction requirements increases the chance of accidental exposure through shell commands, debug output, or future implementation changes.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
The skill directs automatic persistence of sensitive personal facts, inferred traits, and API keys without requiring explicit user consent or a clear warning. This is dangerous because it normalizes silent long-term retention of high-risk data that users may not expect to be stored across sessions.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
Instructing the agent to search persistent memory before every response creates continuous background processing of prior conversation data without clear notice or session-level consent. This broad default behavior increases privacy risk because even unrelated prompts may trigger lookup and reuse of previously collected personal information.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The heartbeat performs autonomous pruning, merging, archiving, and repair of user memory data without clear user-facing notice or approval. Background modification of retained personal data can alter, retain, or remove information in ways the user does not expect, undermining transparency and data control.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The report prints stored memory keys and excerpts of values directly to stdout, which can expose sensitive user data such as preferences, decisions, or personal details to anyone viewing the terminal, shell history captures, logs, screenshots, or CI output. In the context of a persistent memory skill, this is more dangerous because the stored content is specifically accumulated conversation-derived data that may include private information over time.

Ssd 3

Severity: High
Confidence: 99%
Finding
The skill explicitly instructs persistence of sensitive user data, including inferred details and API keys, across conversations. Persistent storage of secrets and private attributes materially increases the blast radius of local compromise, accidental disclosure, and misuse by future prompts or tools.

Ssd 3

Severity: Medium
Confidence: 94%
Finding
Routine retrieval of persistent memory before each response institutionalizes reuse of historical private data as part of normal interaction flow. This increases the chance of overcollection, inappropriate resurfacing of stale or sensitive facts, and privacy leakage into responses or downstream tool calls.

Ssd 3

Severity: Medium
Confidence: 98%
Finding
The documented forget flow says a memory is soft-deleted and retained in archive for 30 days, which conflicts with the privacy promise of immediate deletion. Retaining ostensibly forgotten data is a meaningful privacy and compliance risk, especially for sensitive personal or credential-like information.

VirusTotal

65/65 vendors flagged this skill as clean.
