Soul Sharing

Security checks across malware telemetry and agentic risk

Overview

This appears to be a purpose-aligned shared memory skill, but users should understand that it persists agent-written context to a Git repository.

Install only if you want agent memory to survive across sessions and be available to configured agents through a Git repository. Before first use, decide what may be stored, keep the repository private, review commits periodically, and do not allow secrets, credentials, raw conversation logs, or sensitive personal/business data to be written.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill explicitly promotes persistent identity, shared memory, and cross-agent synchronization of user-related information, but it does not present a clear user-facing warning about the privacy implications of propagating data across agents, devices, and sessions. Even though it mentions using a private repository, users may not understand that facts, preferences, and project context will be stored durably and made available to other agent runtimes, increasing the risk of overcollection or unintended disclosure.

Missing User Warnings

Medium
Confidence: 98%
Finding
The setup and session workflow instructs the agent to write events, commit them, and push them to a repository, but it omits a direct warning that this action persists user-related information outside the current session. This is dangerous because an agent could follow the workflow mechanically and store sensitive user preferences, project details, or temporary facts in a durable shared repo without obtaining informed consent at the moment of persistence.

VirusTotal

66/66 vendors flagged this skill as clean.
