MemCore

Security checks across malware telemetry and agentic risk

Overview

MemCore is a coherent local memory library, but users should treat its stored memories as sensitive and understand the optional remote embedding path.

Install only if you want a long-term memory component. Treat the local ~/.memcore database as sensitive, avoid storing secrets or regulated personal data without extra controls, back up important records before running forgetting or cleanup methods, and use the OpenAI embedding wrapper only for text you are comfortable sending to that provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (14)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README advertises automatic persistent storage of user memory to a local SQLite database and automatic restoration on restart, but does not warn that potentially sensitive user data may be retained indefinitely on disk. In a memory-management skill, this omission is security-relevant because users or integrators may unknowingly store personal data, preferences, or conversation history without consent, retention limits, or protection guidance.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The README describes a forgetting cycle that automatically deletes low-priority memories after time and access-based scoring, but does not clearly warn that this behavior is destructive. In a system marketed as persistent memory for agents, silent deletion can cause loss of important state, user data, auditability, or safety-relevant context if operators do not realize pruning is irreversible or insufficiently controlled.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly documents SQLite-backed persistent storage, cross-session recovery, and storage of user preferences/memories without any privacy notice, retention limits, consent model, or guidance on handling sensitive data. In a memory system, this creates a real risk of over-collection and indefinite retention of personal or conversation-derived information, which can expose users to privacy harm if the database is accessed, reused unexpectedly, or synced across contexts.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The documented forgetting cycle automatically deletes memories, but the skill does not warn users or integrators that stored data may be removed by an automated scoring model. This is a real safety issue because important user state, preferences, or audit-relevant history could be silently lost, causing integrity problems, surprising behavior, and potential loss of user control over stored records.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The example shows use of an API-based embedding provider but does not disclose that submitted knowledge content may be transmitted to a third-party service. Because this system handles memory and knowledge data that may include user-derived content, omission of this warning can lead to unintentional external disclosure of private or sensitive information.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The code stores `original_query` directly in provenance metadata, which can capture sensitive user inputs such as names, secrets, or personal details without any minimization, consent, or retention controls. In a memory/provenance system, this increases privacy and compliance risk because downstream reporting or exports can expose raw user inputs beyond their original purpose.

Missing User Warnings

High
Confidence
97% confidence
Finding
The `chain_of_thought` field stores internal reasoning traces, which may contain sensitive inferred data, hidden prompts, or deliberative model outputs not intended for persistence or disclosure. Persisting this data is especially risky because provenance export and reporting features can make these traces retrievable, increasing the chance of privacy leakage and exposure of internal decision logic.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The router stores user and episodic memory and later auto-loads them into context based on keyword triggers, but there is no consent flow, notice, retention policy, or filtering for sensitive content. In an agent setting, this can cause privacy violations and unintended resurfacing of personal or confidential information into future prompts, logs, or model outputs.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The forgetting cycle permanently deletes stored memories based on an internal risk threshold without any user confirmation, audit safeguard, soft-delete window, or explicit policy check. In a memory system handling user preferences and episodic data, this can cause irreversible loss of important state and can be triggered as part of routine operation rather than an intentional user action.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The OpenAI embedding wrapper transmits arbitrary supplied text to an external API, which can expose sensitive memory contents, prompts, or user data if callers pass confidential material. In a memory/knowledge module, this is more dangerous because stored knowledge may include private or proprietary content, and the code provides no explicit warning, consent gate, redaction, or privacy controls around that outbound transfer.

Ssd 3

Medium
Confidence
95% confidence
Finding
The skill is designed to persist identities, preferences, episodic memories, and conversation-derived information across sessions, yet it does not impose semantic limits on what sensitive data may be retained. In the context of a memory system, this makes the issue more dangerous: the feature set encourages accumulation of highly personal data over time, increasing exposure, profiling risk, and the chance that sensitive information is later surfaced or leaked.

Ssd 3

Medium
Confidence
91% confidence
Finding
Semantic compression and trigger-based recall can summarize prior conversations and automatically reload them into later interactions, which creates a concrete risk of resurfacing prior sensitive disclosures outside the user's immediate intent. In a memory skill, this contextual auto-reintroduction is especially risky because it can bypass user expectations about conversational boundaries and propagate compressed but still sensitive information into new outputs.

Unpinned Dependencies

Low
Category
Supply Chain
Content
numpy>=1.20.0
Confidence
95% confidence
Finding
numpy>=1.20.0

Known Vulnerable Dependency: numpy — 10 advisory(ies): CVE-2014-1859 (Numpy arbitrary file write via symlink attack); CVE-2021-41495 (NumPy NULL Pointer Dereference); CVE-2021-33430 (NumPy Buffer Overflow (Disputed)) +7 more

Critical
Category
Supply Chain
Confidence
78% confidence
Finding
numpy

VirusTotal

65/65 vendors flagged this skill as clean.