永久记忆系统 (Permanent Memory System)

Security checks across malware telemetry and agentic risk

Overview

This is a coherent memory skill, but it is designed to automatically and permanently store broad conversation history, including private details, without clear consent or real deletion controls.

Install only if you intentionally want a local, automatic archive of your conversations. Avoid using it with secrets, regulated personal data, sensitive business information, or private contact details unless you manually review and purge the stored files; the documented forget/delete behavior may not actually remove data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (18)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill explicitly instructs reading and writing persistent files (`MEMORY.md`, `memory/YYYY-MM-DD.md`) but does not declare those capabilities or corresponding permissions. Undeclared persistence is dangerous because it hides data access scope from reviewers and users, making privacy-impacting behavior easier to enable without informed approval.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The documentation promises automatic permanent memory, semantic search, cross-session inheritance, and 'never overwrite,' but the described mechanism is only local file persistence and even mentions updating `MEMORY.md`. This mismatch is security-relevant because users may disclose sensitive information based on assurances that are inaccurate, incomplete, or misleading about retention, retrieval, and modification behavior.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The listing explicitly advertises automatic recording of every conversation and permanent storage, but provides no user warning about privacy, retention duration, consent, or handling of sensitive data. In a memory skill, this is especially risky because users may reveal credentials, personal information, health details, or proprietary business context that would then be retained and searchable across sessions.

Missing User Warnings

High
Confidence
97% confidence
Finding
The document advertises automatic archival of every conversation and persistence to files without clearly warning users that their conversation data will be saved by default or explaining the privacy consequences. This creates a meaningful risk of collecting sensitive personal, business, or credential-related information without informed consent, especially because the skill is explicitly designed for long-term retention across sessions.

Vague Triggers

High
Confidence
95% confidence
Finding
The README states the skill activates automatically for broad, ordinary phrases and behaviors, which can cause persistent writes, searches, or memory loading without a clear, informed user action. In a long-term memory skill, overly broad triggers are dangerous because they can capture sensitive conversational content and surface prior context in situations where the user did not intend persistence or retrieval.

Missing User Warnings

High
Confidence
98% confidence
Finding
The README promises automatic recording of every conversation and indefinite retention without giving a clear privacy warning, consent flow, or explanation of what data is stored. This creates a significant privacy and security risk because users may disclose credentials, personal data, business information, or regulated content that becomes persistently stored on disk.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The activation language covers broad memory-related phrases like '记忆、历史、之前说过、记得什么' ("memory, history, said before, what do you remember"), which can trigger in many normal conversations without a clear boundary or consent step. In the context of a persistence skill, overbroad triggering increases the chance of silently recording or resurfacing user data when the user only meant casual conversation, not durable storage.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill says important information is automatically written to `MEMORY.md` and persisted after each session, but it provides no explicit consent flow, warning, retention policy, or sensitivity filtering. Automatic durable logging of conversation content is dangerous because users may unknowingly disclose personal, confidential, or regulated data that then persists beyond the current session.

Missing User Warnings

High
Confidence
99% confidence
Finding
The documentation explicitly instructs recording contact details, addresses, and other real private data into persistent memory. Storing high-sensitivity personal data without safeguards, minimization, or consent materially increases the risk of privacy violations, identity exposure, and unintended later disclosure across sessions.

Missing User Warnings

High
Confidence
99% confidence
Finding
The skill states that all conversation content is appended to daily logs, including seemingly unimportant chat, with no warning about comprehensive retention. Full-transcript retention is especially dangerous because harmless-seeming fragments can cumulatively reveal secrets, credentials, health information, or behavioral profiles over time.

Missing User Warnings

Low
Confidence
95% confidence
Finding
The script persistently writes user-provided content into a local long-term memory file without any consent prompt, visibility control, retention policy, or sensitivity filtering. In the context of a memory/archival skill that automatically records conversations across sessions, this can capture secrets, personal data, or sensitive conversation history and store them indefinitely, increasing privacy and data-exposure risk if the local workspace is later accessed by other tools or users.

Ssd 3

Medium
Confidence
95% confidence
Finding
The marketing promises broad, indefinite retention and recall of everything the user has said, creating a strong likelihood of over-collection and resurfacing of sensitive information beyond user expectations. In the context of a long-term memory skill, the danger is elevated because the core function is cross-session persistence and semantic retrieval, which increases the chance that confidential or regulated data is stored, rediscovered, and exposed later.

Ssd 3

Medium
Confidence
96% confidence
Finding
The listing explicitly promotes indefinite automatic retention of all user-provided conversation content, including persistent storage and recall across restarts. In the context of an AI memory skill, this materially increases exposure of sensitive data, enables over-collection beyond user expectations, and creates long-lived privacy and compliance risk if secrets, personal data, or regulated information are captured.

Ssd 3

Medium
Confidence
96% confidence
Finding
Automatic persistent recording of every conversation and loading memory into future sessions creates a direct cross-session data exposure risk. Sensitive information shared in one context may be unexpectedly reintroduced in another, increasing the chance of privacy leakage, over-collection, and disclosure to unintended recipients or contexts.

Ssd 3

Medium
Confidence
94% confidence
Finding
The documented automatic write/search/load behavior encourages broad collection and resurfacing of user-supplied information without clear boundaries for sensitive content. In practice, this can cause the assistant to treat ordinary conversation as memory material and later reveal it in unrelated sessions or prompts.

Ssd 3

Medium
Confidence
97% confidence
Finding
The design explicitly stores raw conversation diaries by date, indicating broad retention of original conversational content rather than a minimal summary. Raw logs substantially increase the blast radius of compromise because they preserve full sensitive context, incidental disclosures, and potentially confidential data across time.

Ssd 3

High
Confidence
99% confidence
Finding
The skill directs permanent recording of all conversation content and explicitly includes private contact/address details in persistent files across sessions. In context, this is more dangerous than ordinary note-taking because the skill's stated purpose is durable memory inheritance, which increases the likelihood that old sensitive data will be resurfaced or exposed later without renewed user intent.

Ssd 3

Medium
Confidence
91% confidence
Finding
Reading `MEMORY.md` and recent diary files at the start of every new session creates broad cross-session resurfacing of prior user data. This is risky because previously disclosed information may be injected into unrelated future contexts, increasing privacy leakage, over-collection, and the chance of exposing sensitive history when it is no longer relevant.

VirusTotal

65/65 vendors flagged this skill as clean.
