Agent Memory Enterprise

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate persistent agent-memory library, but users should add privacy, retention, and access-control safeguards before using it with sensitive data.

Install only if you intend to add persistent memory to an agent. Use isolated databases, least-privilege credentials, retention and deletion policies, document access controls, sensitive-data redaction, and safeguards for stored prompt-injection content before using it with private, regulated, or multi-tenant data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill explicitly promotes persistent storage of user profiles, conversations, tasks, and experience history across Redis, PostgreSQL, and ChromaDB, but provides no retention limits, consent guidance, privacy notice, or data minimization practices. In an enterprise agent context, this increases the chance of storing sensitive personal, business, or regulated data indefinitely and using it in later retrievals without appropriate controls.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The formatter injects raw conversation history directly into prompt text, including full message content and role labels, with no filtering, minimization, or sensitivity checks. In an enterprise memory system, this can expose secrets, personal data, or prior prompt-injection content to downstream model calls and other tools, increasing the risk of data leakage and prompt contamination.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The user profile formatter emits preferences, confidence metadata, sources, and usage patterns directly into prompt context without access control or sanitization. In a production agent memory skill, this increases exposure of sensitive behavioral and profile data to the model and any connected providers, and could also leak internal provenance details that should not be broadly disclosed.

Missing User Warnings

Severity: Medium
Confidence: 78%
Finding
The store method persists user-related execution history, including goal descriptions, steps taken, error information, tags, and user_id, with no visible minimization, redaction, retention control, or consent/privacy guardrails in this component. In an enterprise agent-memory skill, this increases risk of collecting and retaining sensitive or regulated data that could later be exposed through database compromise, overbroad access, or unintended reuse.

Missing User Warnings

Severity: Medium
Confidence: 69%
Finding
This method automatically aggregates user profile data, knowledge results, and prior experience records into the generated prompt, creating a realistic risk of unintended sensitive-data propagation to downstream LLM providers or logs. In an enterprise memory system, prompt construction is a high-risk boundary because data from multiple stores can be combined and disclosed beyond the original collection context if there are no explicit filtering, consent, or policy checks before injection.

Context Leakage

Severity: High
Category: Data Exfiltration
Content
# Initialize
system = AgentMemorySystem(config)

# Record conversation
await system.context.add_message(
    user_id="user_123",
    role="user",
Confidence: 93%
Finding
Record conversation

VirusTotal

67/67 vendors flagged this skill as clean.
