ClawHub

Grantai Memory

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate-looking memory skill, but it should be reviewed because it can persistently store files, git history, code snippets, and verbatim conversations without clear retention or deletion guidance.

Install only if you are comfortable using an external local memory service that may retain project and conversation data across sessions. Keep imports narrow, avoid secrets and regulated data, verify the external binary or Docker image source, and confirm how to inspect, delete, and contain stored memory before relying on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The usage examples use natural-language trigger phrases like 'Remember that...' and 'What did we decide...' that are broad enough to overlap with ordinary conversation. In an agent skill, this can cause unintended activation of persistent memory operations, leading to storage or recall of sensitive data without a clear, deliberate user action.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill heavily emphasizes persistent cross-session recall but does not provide a prominent warning that conversation, project, and other user-provided data may be stored long-term. Users may reasonably underestimate the privacy and retention implications, especially because the marketing language focuses on convenience and performance rather than consent and data-handling boundaries.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The listed features include importing files/directories, storing snippets with context, capturing conversation verbatim, and importing git history, all of which can ingest large amounts of sensitive material. Presenting these high-retention capabilities without adjacent warnings or scoping guidance increases the chance that credentials, private chats, source code, or proprietary history will be persistently stored unintentionally.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal