letheClaw

Security checks across malware telemetry and agentic risk

Overview

This memory skill appears purpose-aligned, but it gives the agent broad permission to send remembered or observed information to a network service without enough user control or privacy disclosure.

Review before installing. Use only with a trusted HTTPS letheClaw endpoint, avoid storing secrets or sensitive personal data, and require explicit confirmation before any memory is saved. The skill should ideally narrow triggers, disclose what is sent and retained, and avoid raw shell command interpolation for user-controlled values.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence: 87%
Finding
The README tells users the skill stores and searches memories through a networked API, but it does not clearly warn that submitted memory content, tags, source fields, operator metadata, and provenance may be transmitted to and retained by an external service. In a memory-management skill, this omission is security-relevant because agents may handle sensitive user data, and users or deployers could unknowingly expose confidential information over the network or to an improperly secured backend.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger list includes very broad terms such as "memory," "remember," and "recall," which are likely to appear in ordinary conversation and can cause the skill to activate unintentionally. In a memory skill with network access and mandatory retrieval/storage behavior, accidental activation increases the chance of unnecessary data access or transmission.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill instructs the agent to send user or session memories to a network API but does not require a clear user-facing disclosure that content will leave the local interaction context. Because the API may be remote and the data involves memories, provenance, and session information, this creates a meaningful privacy and data-handling risk.

Missing User Warnings

High
Confidence: 97%
Finding
The storage protocol says to POST observations whenever the user says to remember something or when the agent merely "observes something worth recording," and labels this as mandatory with "No exceptions." This encourages autonomous exfiltration of inferred or observed user/session data to a network service without confirmation, which is especially dangerous because the trigger conditions are subjective and expansive.

VirusTotal

66/66 vendors flagged this skill as clean.
