ClawHub

Memory Recall

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill recalls saved memory files for user-requested history searches, with privacy considerations but no code execution or hidden data flow.

Install this only if you are comfortable with the agent searching saved memory and diary files when you ask about past conversations, dates, projects, people, or decisions. Review recalled content before sharing it outside the chat, because it may include private or sensitive history.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill description includes very broad trigger phrases such as '查找、找回、某天、某次、之前说过', which overlap heavily with ordinary conversation. This can cause the skill to activate in contexts the user did not clearly intend, increasing the chance of unnecessary retrieval of historical memories or conversations that may contain sensitive information.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly searches MEMORY.md and diary files and presents past conversation content, but provides no warning, consent check, or privacy notice. Because these sources may contain sensitive personal, project, or interpersonal data, retrieval without safeguards can expose information more broadly than the user expects.

Ssd 3

Medium
Confidence
97% confidence
Finding
The skill instructs the agent to retrieve and present arbitrary historical conversations, diary entries, projects, contacts, and decisions in natural language without any access-control, scope restriction, or sensitivity handling. In context, this is more dangerous because the entire purpose of the skill is to surface memory contents, so absent safeguards it can become a direct channel for overbroad disclosure of private or confidential information.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal