ClawHub

MemoTrader

Security checks across malware telemetry and agentic risk

Overview

This MemoTrader assistant skill is mostly coherent, but it needs review because it stores an account API key in persistent memory and allows account changes without clear confirmation steps.

Install only if you want an assistant to monitor your MemoTrader account. Use a revocable PA key, prefer a dedicated secret store over plain memory, and require confirmation before dismissing messages or changing profile or clique settings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs the user to store a sensitive `pa_` API key in local memory without any guidance on secure storage, scoping, redaction, or preventing later disclosure. In an agent environment, memory files are often reused across sessions and may be exposed to other skills, logs, or prompts, which can lead to unauthorized access to the user's MemoTrader account.

Missing User Warnings

Low
Confidence
86% confidence
Finding
The heartbeat behavior authorizes recurring inbox polling and persistence of account-tracking state without clearly informing the user that the skill will perform periodic network access and maintain behavioral data. While this is consistent with the skill's purpose, silent background access increases privacy and transparency risk and can surprise users who did not consent to ongoing monitoring.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The reference documents state-changing endpoints for profile updates and clique membership changes alongside read-only assistant capabilities without explicit warnings, approval requirements, or safe-use guidance. In an agent skill context, this can normalize autonomous modification of the user's public profile or group memberships, increasing the chance an agent makes unwanted account changes on the user's behalf.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The clique endpoint explicitly supports join and leave actions that alter account memberships, but the documentation provides no warning that these actions change the user's social/account state. In a skill consumed by autonomous agents, this omission can lead to silent enrollment or removal from groups, with reputational, privacy, or workflow consequences for the user.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal