MemoryLayer

Security checks across malware telemetry and agentic risk

Overview

MemoryLayer appears to be a straightforward hosted memory client, but users should treat stored memories and searches as data sent to an external service.

Install only if you are comfortable sending selected agent memories, metadata, and search queries to MemoryLayer or a configured endpoint. Use a dedicated API key when possible, avoid storing passwords, tokens, regulated data, private documents, or sensitive operational procedures, and review retrieved memories before letting them steer important agent actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documentation clearly indicates use of environment variables for credentials and communication with an external hosted service, yet no corresponding permissions are declared. This creates a transparency and consent problem: operators may install the skill without realizing it needs secret access and network egress, which increases the chance of unintended credential exposure or policy violations.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The skill is presented as local semantic memory infrastructure, but the documentation shows it authenticates to a third-party service, uploads memory content and queries, and retrieves account information. That mismatch is dangerous because users may store sensitive memories, preferences, procedures, or operational details under the assumption they remain local, when in fact they are sent to an external service.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The README markets long-term semantic storage of user memories and retrieval of potentially sensitive conversational data, but it provides no privacy notice, retention guidance, consent expectations, or warning against storing secrets and regulated data. In an agent-memory skill, this omission is security-relevant because users may treat the feature as safe by default and upload personal, confidential, or credential-like content to a third-party service without understanding the data-handling implications.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The setup instructions tell users to export an email and password as environment variables but do not warn that these are sensitive credentials, should not be committed, logged, shared in prompts, or reused from other services. For an agent skill, this is especially risky because agent workflows often expose environment variables to tools, debug output, shell history, CI logs, or memory systems, increasing the chance of credential leakage and account compromise.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The setup instructions tell users to provide credentials and then store arbitrary memory content, including examples that could contain sensitive personal or operational data, without warning that these data are sent to a hosted third-party service. In an agent context, memory systems often collect high-value information, so the lack of disclosure materially increases the risk of privacy breaches, compliance issues, and accidental exfiltration of secrets or confidential business context.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The demo seeds and later prints realistic user-profile memory entries including email, timezone, employer, login timestamps, subscription status, and behavioral preferences. Even though this appears to be sample/demo code, it normalizes storing and disclosing potentially sensitive personal data to stdout without masking, consent guidance, or a warning that developers should avoid using real user data in examples; in practice, copied demo patterns can lead to privacy leaks in logs, terminals, CI output, or shared screenshots.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill sends arbitrary memory content and metadata to a remote third-party service by default, but the code provides no user disclosure, consent gate, or data classification checks before transmission. In an agent context, 'memory' may include prompts, conversation history, secrets, or personal data, so silent exfiltration to an external endpoint creates a real confidentiality and privacy risk.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The code performs password-based login against a remote service and transmits credentials over the network without any visible warning, trust establishment, or endpoint restrictions beyond relying on the configured URL. While HTTPS is used by default, the endpoint is configurable, so deployments could send credentials to an untrusted or attacker-controlled server, especially in an agent ecosystem where skills may be installed without deep review.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The remember() method sends arbitrary memory content and metadata to a third-party service without any built-in consent prompt, warning, or data classification checks. In an agent context, this can exfiltrate prompts, secrets, personal data, or internal context to an external domain under the guise of memory storage.

VirusTotal

64/64 vendors flagged this skill as clean.
