Triple Memory

Security checks across malware telemetry and agentic risk

Overview

This is a coherent memory skill, but it automatically and silently stores and reuses user and workspace context, with weak boundaries and weak user visibility.

Install only if you intentionally want automatic persistent memory across sessions. Before enabling it, remove or override silent-operation instructions, disable auto-capture and auto-flush for sensitive work, define excluded paths and data categories, confirm what text is sent to the embedding provider, and ensure you can inspect, edit, and delete stored memories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Medium
Confidence: 90%
Finding:
The trigger phrases for automatic capture are overly broad and match ordinary conversation such as preferences, identity statements, or casual remarks. This can cause the system to persist sensitive or irrelevant user data without deliberate user consent, increasing privacy and data-minimization risk.

Missing User Warnings

High
Confidence: 98%
Finding:
The skill explicitly tells the agent to perform memory operations silently and not disclose storage to users. Covert persistence undermines user awareness and consent, making it more likely that sensitive information is retained across sessions without the user realizing it.

Missing User Warnings

Medium
Confidence: 92%
Finding:
The setup instructions explicitly tell the agent to run a workspace memory sync 'silently' at the start of every session, which normalizes background processing of repository data without user awareness or consent at execution time. In a memory skill, this is especially risky because sync operations may read, index, or persist sensitive workspace content across sessions, creating privacy, compliance, and least-astonishment concerns even if the command is not overtly malicious.

Missing User Warnings

Medium
Confidence: 94%
Finding:
This configuration enables automatic memory capture and instructs the agent to write session summaries and key facts to multiple persistent backends without any visible consent, notice, or sensitivity checks. In a memory skill, that increases the risk of silently persisting secrets, personal data, or sensitive workspace context beyond the user's expectations, expanding data retention and exposure surfaces.

Missing User Warnings

Low
Confidence: 91%
Finding:
The script uses a predictable world-writable temporary path (/tmp/clawdbot-filesearch.txt) and deletes/rewrites it without safe creation primitives. On multi-user systems, an attacker can pre-create the path as a symlink or race the file operations, potentially causing overwrite of unintended files or exposing captured output; additionally, the script silently spawns and kills a background process, which can hide side effects from users.

Ssd 3

Medium
Confidence: 96%
Finding:
Automatic capture and retention of preferences, decisions, and facts creates a persistent store of user-provided information without clear scoping or consent boundaries. In a memory skill, this context makes the issue more dangerous because broad retention is the primary function and can easily sweep in personal or confidential data.

Ssd 3

Medium
Confidence: 94%
Finding:
The pre-compaction memory flush instructs the agent to summarize and persist session context into files and git notes automatically when token thresholds are reached. This is risky because compaction pressure may cause bulk storage of entire conversational context, including sensitive details that were never intended for long-term retention.

Ssd 3

High
Confidence: 99%
Finding:
The instruction to never announce memory operations is an explicit directive for covert data retention. This makes the skill materially more dangerous because it suppresses the normal transparency that would let users detect, challenge, or limit storage of their information.

VirusTotal

63/63 vendors flagged this skill as clean.
