Quack Memory

Security checks across malware telemetry and agentic risk

Overview

This is a cloud-backed memory skill that clearly stores, searches, lists, and deletes memories through the FlightBox API using a local Quack credential.

Install only if you trust the Quack/FlightBox service. Avoid storing secrets, regulated data, private personal information, or sensitive business context unless you intentionally want it saved remotely; review and delete stored memories you no longer need.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Description-Behavior Mismatch

Medium, 91% confidence
The skill includes a capability to permanently delete persistent memories, but the manifest description only advertises storing, recalling, and searching memory. This mismatch weakens user and platform trust boundaries because an agent or reviewer may invoke or approve the skill without realizing it can perform destructive actions, enabling unintended data loss or abuse if the script is exposed through the skill interface.

Missing User Warnings

Medium, 87% confidence
The skill documents a destructive delete operation (`forget.mjs --id ...`) without any warning, confirmation step, or guidance to verify the target memory before removal. In a memory/persistence skill, this creates a realistic risk of accidental or unauthorized deletion of stored context, which can cause loss of important agent state or audit history.

Missing User Warnings

Medium, 92% confidence
The skill instructs reading an API key from a local credentials file and using it for authenticated requests to a remote service, but provides no privacy or security warning about handling secrets or transmitting potentially sensitive memory content off-host. Because this skill is specifically for persistent memory storage, users may send confidential context to a third-party endpoint without understanding the exposure.

Missing User Warnings

Medium, 95% confidence
This script sends the user's query and the agent identifier to a remote FlightBox endpoint using stored credentials, but it does so without any explicit user-facing disclosure or consent prompt at the point of transmission. In a memory-recall skill, queries may contain sensitive contextual data, so silent transmission to an external service creates a meaningful privacy and data-handling risk even if the behavior is functionally intended.

Missing User Warnings

Medium, 96% confidence
The script sends arbitrary memory content plus an API bearer token to a third-party remote service, but provides no meaningful disclosure, consent flow, sensitivity checks, or redaction safeguards before transmission. In an agent-memory skill, users may store highly sensitive context, so silently exfiltrating that data off-host can expose secrets, personal data, or operational context if the remote service, logs, or downstream systems are compromised.

Missing User Warnings

Medium, 89% confidence
The script sends credential-authenticated requests to a remote FlightBox service and includes the agentId in the query string, but it provides no user-facing disclosure, confirmation, or consent at execution time. In a memory skill, this means potentially sensitive persistent context is transmitted off-host to a third-party endpoint whenever the command is run, which can surprise users and expose private agent data or metadata.

VirusTotal

64/64 vendors flagged this skill as clean.
