context-memory

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only memory workflow: it openly saves workspace context to local files and contains no code, network access, credential use, or hidden behavior.

Install this only if you want the agent to maintain local, cross-session memory files. Review those files before sharing or committing a workspace, avoid storing secrets or unnecessary personal details, and tell the agent not to persist anything you want kept ephemeral.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill directs the agent to persist important user and task information to files for future sessions, but it provides no requirement to obtain informed user consent, disclose retention, or limit what gets stored. This creates a privacy risk because personal data, project details, and behavioral history may be silently accumulated and reused beyond the user's expectations.

Missing User Warnings

Medium
Confidence: 97%
Finding
Mandating immediate recording of user corrections and preferences into persistent files can capture personal habits, work patterns, or identifying details without notice. Because the workflow says to write immediately, it increases the chance of storing sensitive information reflexively and without review or necessity.

Ssd 3

Medium
Confidence: 96%
Finding
The skill establishes a persistent memory system that explicitly stores user preferences, project background, errors, and daily logs for future reuse. In context, this is more dangerous because the core purpose of the skill is cross-session retention, so over-collection and long-term storage are not incidental—they are built into the operating model.

Ssd 3

Medium
Confidence: 97%
Finding
The guidance encourages storing concrete identity details such as a user's name and preferences in durable memory files, which increases privacy and profiling risk. Storing specific identifiers creates a larger blast radius if files are exposed, reused improperly, or combined with other task records.

Ssd 3

Medium
Confidence: 98%
Finding
The BOOTSTRAP template reserves persistent fields for preferred name, time zone, and email, which are personal profile and contact data. Including these fields in a default template normalizes collection and retention of PII even when it may not be necessary for the task, increasing privacy, leakage, and secondary-use risks.
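The overview advises reviewing memory files before sharing or committing a workspace, and the findings above concern the profile fields (preferred name, time zone, email) and the other personal or secret data such files accumulate across sessions. The script below is an added example, not part of the context-memory skill or of SkillSpector: it scans memory files for populated profile fields, e-mail addresses and common credential formats, reports each hit with a redacted value, and exits non-zero when anything is found, so it can gate a commit or a workspace export. The file format, the directory it scans, and the spelling of the template fields are assumptions; the sample memory file it runs on is constructed.

```python
"""Scan agent memory files for PII and secrets before sharing or committing.

Added example, not part of the context-memory skill. It assumes memory files
are plain text or markdown (the real format and path are whatever the skill
writes) and that BOOTSTRAP profile fields appear as "key: value" lines.
"""
import re
import sys
from pathlib import Path

# Patterns for data that should never be persisted across sessions.
SECRET_PATTERNS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    # Catch-all for "SOMETHING_TOKEN=..." / "password: ..." style lines.
    "generic_credential": re.compile(
        r"(?i)\b\w*(?:api[_-]?key|secret|password|token)\w*\s*[:=]\s*['\"]?[^\s'\"]{8,}"
    ),
}

# Profile fields the BOOTSTRAP template reserves (see the finding above).
# Their exact spelling in the template is an assumption of this example.
PROFILE_FIELDS = ("preferred name", "time zone", "email")
PROFILE_PATTERN = re.compile(
    r"(?i)^\s*[-*]?\s*(" + "|".join(re.escape(f) for f in PROFILE_FIELDS) + r")\s*[:=]\s*(\S.*)$"
)


def redact(value: str) -> str:
    """Keep only a short prefix so a report does not re-leak the value."""
    return value[:3] + "..."


def scan_text(text: str, source: str = "<memory>") -> list[dict]:
    """Return one hit per secret/PII match, with line number and redacted value."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in SECRET_PATTERNS.items():
            for m in pattern.finditer(line):
                hits.append({"source": source, "line": lineno,
                             "kind": kind, "value": redact(m.group(0))})
        m = PROFILE_PATTERN.match(line)
        if m:  # populated profile field; an "email:" line is also hit by the email regex
            hits.append({"source": source, "line": lineno,
                         "kind": "profile:" + m.group(1).lower(), "value": redact(m.group(2))})
    return hits


def scan_workspace(root: Path, globs=("**/*.md", "**/*.txt", "**/*.json")) -> list[dict]:
    """Scan every matching file under root (e.g. the directory the skill writes to)."""
    hits = []
    for pattern in globs:
        for path in sorted(root.glob(pattern)):
            if path.is_file():
                hits.extend(scan_text(path.read_text(errors="replace"), str(path)))
    return hits


# Constructed sample memory file (not real data) in the assumed format.
SAMPLE_MEMORY = """# BOOTSTRAP
preferred name: Alice
time zone: Europe/Berlin
email: alice@example.com

# daily log
- Fixed the failing build; saved GITHUB_TOKEN=ghp_0123456789abcdef0123456789abcdef0123
- User prefers tabs over spaces
"""

if __name__ == "__main__":
    # Usage: python scan_memory.py [memory-dir]; with no argument, scans the sample.
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else None
    found = scan_workspace(root) if root else scan_text(SAMPLE_MEMORY, "sample.md")
    for h in found:
        print(f"{h['source']}:{h['line']}: {h['kind']} ({h['value']})")
    # Non-zero exit so this can gate a commit hook or a workspace export.
    sys.exit(1 if found else 0)
```

Run it against the directory the skill writes to (for example as a pre-commit hook); on the constructed sample it reports the three populated profile fields, the e-mail address, and the saved token (once as a GitHub token format and once as a generic credential line). Regex checks like these only catch known shapes, so they complement rather than replace a manual read of the files before they leave the machine.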

VirusTotal

64/64 vendors reported this skill as clean (0 detections).

Antivirus engines look for known malicious files; they do not assess instruction-only content for prompt-injection or data-retention risks, so a clean VirusTotal result does not address the SkillSpector findings above.