hive-mind

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it stores shared agent preferences in TiDB, but users should treat it as remote persistent memory and avoid storing sensitive information.

Install only if you want agent preferences stored in a shared TiDB-backed memory. Use it for low-sensitivity preferences, not passwords, secrets, private personal data, or policy instructions. Prefer your own least-privilege TiDB credentials, protect or chmod the ~/.openclaw_hive_mind_dsn file, and consider narrowing the protocol so facts are saved only when the user explicitly asks to remember them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (13)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding:
The skill declares no permissions even though the documentation clearly indicates use of environment variables, local file read/write, and shell execution via python/curl. This creates a transparency and consent problem: operators may install the skill without understanding that it can access credentials, persist data locally, and communicate externally.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 96%
Finding:
The advertised behavior says the skill syncs 'memories,' but the documentation reveals materially different behaviors: remote auto-provisioning, local DSN caching, reading credentials from environment variables, and storing generic preferences. Such mismatch can mislead users into granting access or using the skill in contexts where remote persistence and credential handling are not acceptable.

Description-Behavior Mismatch

Severity: Medium
Confidence: 88%
Finding:
The manifest says the skill syncs memories, while the body describes a shared configuration/preferences store. This inconsistency increases the chance of unsafe deployment because users may believe only low-sensitivity memory sync is happening when the skill actually manages broader persistent configuration data and remote storage.

Intent-Code Divergence

Severity: Medium
Confidence: 86%
Finding:
The overview directly contradicts the manifest by reframing the skill as a configuration store rather than a memory-sync feature. Security-sensitive tooling depends on accurate documentation, and contradictory descriptions reduce informed consent and proper risk evaluation.

Context-Inappropriate Capability

Severity: Medium
Confidence: 84%
Finding:
The skill silently provisions a remote database by calling an external API, creating an undeclared outbound network side effect and external persistence surface. In an agent-skill context this is risky because it can move data off-host without meaningful user consent or governance.

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding:
The code comments claim a security fix using SSL, but the pymysql connection does not actually enable TLS options. If the database is reached over an untrusted network, credentials and data may be exposed to interception or machine-in-the-middle attacks while the misleading comment may discourage further review.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The protocol instructs the agent to store and later recall user preferences and identity information across sessions, but provides no notice, consent flow, or warning that personal information will be persisted. This creates a privacy risk because users may disclose personal data in ordinary conversation without realizing it will be retained and shared through a persistent multi-agent memory system.

Vague Triggers

Severity: Medium
Confidence: 96%
Finding:
The save trigger is overly broad: statements like 'I like python' or 'My name is Lux' are common conversational content, yet the agent is told to persist them automatically. This can lead to unintended collection of personal information without meaningful user intent to create long-term memory, increasing the chance of over-collection and privacy violations.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The documentation omits a clear warning that fallback mode sends data to an external TiDB Zero service and caches connection information in a local file under the user's home directory. Users may unknowingly expose sensitive preferences or connection metadata to remote infrastructure and local persistence they did not authorize.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The skill makes an undisclosed outbound request to a third-party API to provision infrastructure. In this context, hidden network actions are dangerous because they can create remote resources and external data handling without the user's awareness or policy approval.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The DSN, which contains database credentials, is cached in a local file under the user's home directory without any permission hardening or disclosure. Local credential persistence increases the chance of credential theft by other local users, processes, backups, or later compromise of the host.

Ssd 3

Severity: Medium
Confidence: 97%
Finding:
The skill explicitly directs persistent cross-session storage and recall of user-provided personal information without consent, minimization, sensitivity restrictions, or access controls in the protocol text. Because the skill is described as syncing memories across multiple agents using a shared database, the context makes the issue more dangerous by expanding exposure and increasing the risk of unauthorized access, profiling, or inappropriate reuse of personal data.

Session Persistence

Severity: Medium
Category: Rogue Agent
Content:
## Security & Provisioning
This skill supports two modes:
1.  **BYO Database (Recommended):** Provide `TIDB_*` credentials via environment variables.
2.  **Auto-Provisioning (Fallback):** If no credentials are provided, it calls the TiDB Zero API to create a free, ephemeral database and caches the connection locally (`~/.openclaw_hive_mind_dsn`).

## Why use this?
*   **Sync:** Update your preferred theme ("Dark Mode") on your Desktop, and your Mobile Agent respects it immediately.
Confidence: 90%
Finding:
create a free, ephemeral database and caches the connection locally (`~/.openclaw_hive_mind_dsn`)

VirusTotal

66/66 vendors flagged this skill as clean.
