Back to skill

Security audit

Memory System V2

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local memory tool that stores and searches agent notes on disk; the main risk is privacy from retaining sensitive content, not hidden or malicious behavior.

Install only if you want a local persistent memory store for an agent. Do not store secrets, credentials, regulated personal data, or confidential material unless you are comfortable keeping it in plaintext under $HOME/clawd/memory; periodically review and delete old memories, and treat recalled memories as context rather than current truth or authority.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill promotes persistent cross-session storage of learnings, decisions, events, and interactions without any warning about retaining sensitive or personal data on disk. In an agent context, this can lead to quiet accumulation of secrets, personal information, internal project details, or regulated data that may later be exposed, reused inappropriately, or retained longer than intended.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The instructions specifically encourage recording conversations, feedback, and user requests, which are common sources of personal and sensitive information, without privacy boundaries or consent checks. This creates a realistic risk of storing PII or confidential content in plaintext files that persist across sessions and may be searchable later by the agent.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The auto-recall workflow tells the agent to search memory for prior work, dates, people, preferences, and todos without warning that this may involve personal or confidential information retained from earlier sessions. In practice, this increases the chance of unauthorized reuse, over-collection, and accidental disclosure of historical user data into later responses or unrelated contexts.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The design explicitly targets capturing '100% of daily activities' and sharing the resulting system as a reusable skill, but it contains no privacy boundaries, consent model, exclusions, or data minimization controls. In a persistent memory system, automatic collection of broad activity data can lead to unintended storage of sensitive information such as credentials, personal data, internal decisions, or confidential project details.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The design calls for automatic consolidation, extraction into long-term memory, and archiving of files without describing safeguards around file modification, retention, or reversibility. That creates risk of silently rewriting user data, extending retention of sensitive content, and making accidental collection harder to detect or purge once information is propagated across derived files and indexes.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script persistently stores user-supplied memory content, tags, and context under a predictable path in the user's home directory without any warning, consent flow, retention policy, or safeguards for sensitive data. In a memory/persistence skill, users are especially likely to submit secrets, personal data, credentials, or internal project details, so silent long-term storage increases privacy and data exposure risk if the files are later accessed, backed up, synced, or exfiltrated.

Ssd 3

Medium
Confidence
93% confidence
Finding
Encouraging broad persistent recall of prior details without privacy boundaries is dangerous in an agent skill because it normalizes indefinite reuse of user information across sessions. That can lead to contextual leakage, profiling, or resurfacing of stale sensitive details when they are no longer relevant or appropriate to disclose.

Ssd 3

Medium
Confidence
91% confidence
Finding
The 'remember everything' framing promotes unrestricted retention, which is unsafe for systems that may process personal, confidential, or regulated information. Even absent malicious intent, this messaging encourages over-collection and normalization of storing more data than necessary, increasing the blast radius of any later disclosure or misuse.

VirusTotal

33/33 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.