Session Relay

Security checks across malware telemetry and agentic risk

Overview

The skill is meant for session continuity, but it automatically retrieves and stores prior conversation text in workspace files without clear user confirmation.

Install only if you intentionally want automatic cross-session memory. Review or edit the skill first for sensitive work: prefer summaries over verbatim chat, require confirmation before reading session history or writing files, and periodically inspect or delete memory/relay-snapshot.md, memory/relay-archive, HEARTBEAT.md, and daily logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding:
The skill instructs persistent storage of session-derived summaries into daily logs and archives, which expands short-term continuity into durable retention of user activity. That increases exposure of potentially sensitive task context beyond what a user may reasonably expect from 'session continuity,' especially without explicit consent, retention limits, or access controls.

Description-Behavior Mismatch

Severity: Medium
Confidence: 97%
Finding:
Storing verbatim conversation tails from prior sessions creates a transcript-retention channel that can capture sensitive user inputs, assistant outputs, and contextual data not needed for minimal task handoff. Verbatim carry-forward materially raises privacy and re-disclosure risk compared with a compact, purpose-limited state summary.

Missing User Warnings

Severity: High
Confidence: 96%
Finding:
The skill copies prior conversation text into files without a clear user-facing warning or consent step. Because this involves retrieving and persisting prior session content, users may unknowingly have sensitive information replicated into workspace files, increasing the risk of unauthorized access and long-term retention.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
Archiving snapshots and appending daily-log entries retain session-derived data over time without a corresponding warning about retained content. This creates an avoidable privacy and governance risk because historical task context may remain accessible long after the immediate continuity need has passed.

Ssd 3

Severity: High
Confidence: 98%
Finding:
Verbatim carry-forward of prior user and assistant messages into snapshots creates a direct data retention and re-disclosure channel. Any secrets, personal data, or sensitive business context present in those messages may be copied into additional files and later surfaced in unrelated contexts, compounding exposure.

Ssd 3

Severity: Medium
Confidence: 91%
Finding:
The restore guidance tells the agent to behave as though it remembers prior sessions and reuse recovered content without disclosing that historical data was retrieved. This can mislead users about the source of information and obscure that prior-session content is being reintroduced, reducing transparency and informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.
