Selective Memory

Security checks across malware telemetry and agentic risk

Overview

This is a local memory skill that openly stores and reuses selected notes, with privacy and bias risks users should manage before enabling automatic learning.

Before installing, open the memory files and remove any goals, values, language preferences, or platform lessons that are not yours. Enable automatic learning only if you are comfortable with the agent saving selected interaction outcomes for future use, and periodically review or clear the memory folder.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly promotes automatic learning from interactions and feedback, then persisting derived lessons to local memory files without any privacy boundary, consent model, or guidance on filtering user-related data. In practice, this can cause an agent to retain personal information, sensitive feedback, or profiling data across sessions, creating privacy and compliance risks even if the feature is framed as helpful.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The examples instruct creating and appending to persistent files as part of normal operation, but they do not warn that using the skill modifies local state and may retain information beyond the current session. This is a weaker issue than direct data exfiltration, but it can still surprise users, break least-astonishment expectations, and contribute to unintended retention of sensitive content.

Natural-Language Policy Violations

Medium
Confidence
94% confidence
Finding
The line encodes a language preference ('Arabic + English content works well') inside persistent memory without any indication that the user explicitly opted into that locale preference. In an agent memory system, this can cause the agent to steer future responses toward specific languages or mixed-language output, which may override user expectations and create biased or inappropriate responses across sessions.

Session Persistence

Medium
Category
Rogue Agent
Content
### 1. Initialize Memory

On first use, create the memory files:

```bash
mkdir -p memory
```
Confidence
88% confidence
Finding
create the memory files:

```bash
mkdir -p memory
touch memory/wisdom.md memory/goals.md memory/mistakes.md memory/preferences.md
```

### 2. Before Responding

Read relevant memory files to inform yo

VirusTotal

66/66 vendors flagged this skill as clean.
