agents-refresh

Security checks across malware telemetry and agentic risk

Overview

This markdown-only skill transparently sets up local memory refreshes for specific agent context files, with recurring writes that users should understand before enabling.

Install this only in workspaces where you want recurring local memory maintenance. Review AGENTS.md, IDENTITY.md, SOUL.md, USER.md, and memory logs for sensitive content before enabling the cron schedule, adjust the timezone if needed, and periodically inspect MEMORY.md and HEARTBEAT.md for unwanted changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium (85% confidence)
Finding:
The README advertises automatic reloads and rotation of AGENTS/IDENTITY/SOUL, MEMORY, and HEARTBEAT files, but it does not clearly warn users that the skill may modify persistent user-controlled data on a schedule. In an agent-skill context, undocumented or under-disclosed automatic writes can cause integrity and privacy issues, especially if users enable cron-based execution without understanding what files will be changed and when.

Missing User Warnings

Medium (95% confidence)
Finding:
The skill instructs the agent to persistently modify workspace state by editing HEARTBEAT.md and setting up recurring refresh behavior, but it does not clearly warn that these changes are durable or require explicit user consent. In an agent environment, silent persistence and scheduled actions can cause unintended file changes, repeated data processing, and privacy surprises long after the initial invocation.

Missing User Warnings

Medium (98% confidence)
Finding:
The Quick Start section gives direct operational steps to edit HEARTBEAT.md and install a daily cron job, but omits any safety or privacy warning about persistent scheduled behavior. Because the job repeatedly reads multiple workspace memory/identity files and summarizes them, this can normalize background collection and modification of sensitive context without informed user approval.

Missing User Warnings

Medium (89% confidence)
Finding:
The example explicitly describes cron-driven automatic updates to MEMORY.md, which normalizes autonomous modification of project files without indicating user awareness, confirmation, or safety boundaries. In an agent skill context, this can lead to unauthorized file changes, persistence of bad state, or quiet manipulation of task priorities over time, especially because the behavior is presented as routine automation.

VirusTotal

64/64 vendors flagged this skill as clean.
