Ollama Memory

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local memory skill that stores assistant notes on the user’s machine; it is purpose-aligned but should be used carefully because memories persist.

Install this only if you want durable local assistant memory. Do not save passwords, account tokens, or sensitive personal data unless you intentionally want them retained; periodically review or delete USER.md, MEMORY.md, SOUL.md, daily notes, and any SQLite memory database. Review any referenced Python memory scripts before running them, since they are not bundled in this artifact.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium, 93% confidence
Finding
The skill uses a broad trigger for persistence ("当用户说'记住...'" / "when the user says 'remember...'"), but it does not define scope, consent boundaries, retention limits, or exclusions for sensitive data. In a memory skill that writes to local files and a vector database, this can cause accidental storage of private, regulated, or contextually sensitive user information that the user did not intend to persist long-term.

Missing User Warnings

Medium, 96% confidence
Finding
The skill explicitly instructs updating persistent files such as MEMORY.md, USER.md, SOUL.md, and daily logs based on conversation content, but it does not provide a clear user-facing warning about retention, downstream use, or review/deletion controls. Because the skill is designed around durable memory and semantic search, undisclosed persistence increases the risk of privacy harm, over-collection, and later resurfacing of sensitive content in unrelated contexts.

VirusTotal

44/44 vendors flagged this skill as clean.
