Dory-Proof Memory System

Security checks across malware telemetry and agentic risk

Overview

This is a transparent local memory template, but it deliberately stores task wording and work history in persistent workspace files.

Install only in workspaces where persistent local memory is desired. Avoid putting passwords, API keys, regulated data, or highly sensitive personal details into tasks that will be written to state files, and periodically review or clear ACTIVE.md, USER.md, MEMORY.md, and recent-work files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly directs the agent to persist the user's exact words to disk immediately, which can capture secrets, personal data, credentials, or regulated content without consent, minimization, or redaction. Because this is a memory/persistence skill, the context makes the issue more dangerous: it normalizes broad retention as a default behavior across sessions and increases the chance of later unintended disclosure.

Missing User Warnings

Medium
Confidence: 93%
Finding
The workspace structure creates multiple persistent files for user information, active tasks, historical work, and long-term memory, but provides no privacy boundaries, access controls, retention policy, or warnings about sensitive data handling. In a skill whose purpose is durable cross-session memory, this materially raises the risk of overcollection, unnecessary retention, and leakage of personal or confidential information.

Ssd 3

Medium
Confidence: 96%
Finding
Persisting exact natural-language user instructions and maintaining a user-oriented memory system creates a direct data retention and secondary disclosure risk, since free-form text often contains more sensitive information than intended. The skill context makes this more dangerous because it encourages routine preservation of conversational content as operational state, making later reuse or exposure more likely.

Ssd 3

Medium
Confidence: 95%
Finding
The guide explicitly instructs agents to persist the user's exact words before interpretation, which creates a durable record of potentially sensitive prompts, credentials, personal data, or proprietary content. Because this data is stored in workspace files for later sessions, it increases the chance of unintended disclosure to future agents, other users, backups, or logs.

Ssd 3

Medium
Confidence: 92%
Finding
The boot sequence and memory workflow normalize automatic cross-session reading and writing of task history without any sensitivity classification, exclusion rules, or access controls. This makes persistent collection of user and task content part of normal operation, increasing the likelihood that confidential information is retained and resurfaced in later contexts where it is no longer appropriate.

VirusTotal

64/64 vendors flagged this skill as clean.
