ClawHub

Context Persistence

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only skill for saving context across sessions; its main risk is that users may persist private notes too broadly.

Install only if you want agents to use local files as persistent memory. Keep these memory and log files in a trusted workspace, do not store secrets or unnecessary personal data, and periodically review or delete old entries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly recommends persistent file-based memory as the cross-session communication mechanism, but it provides no guidance on data minimization, redaction, consent, retention, or access control. In a context-persistence skill, this omission is especially risky because users and agents are encouraged to store operational context, which can easily include sensitive user data, credentials, internal prompts, or system state on disk where other sessions or operators may later access it.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The daily log design tells any session to record raw chronological notes and conversations, which materially increases the chance of writing sensitive prompts, user data, internal reasoning, or security-relevant context into unbounded log files. Because the skill's purpose is cross-session persistence, this pattern makes the danger more acute: it normalizes broad retention of raw conversation data without privacy notice, retention limits, sanitization, or scope restrictions.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal