Memory Pipeline

Security checks across malware telemetry and agentic risk

Overview

This skill openly sets up a local Markdown memory system with scheduled background jobs, so the persistence risk is real but aligned with its stated purpose.

Install this only if you want local, persistent memory across sessions. Before enabling the cron jobs, confirm the workspace path, review MEMORY.md and memory/ regularly, avoid storing secrets or sensitive personal data, and disable or remove the cron jobs if you no longer want background memory updates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill directs installation of recurring cron jobs that continuously process and persist conversation-derived memory, but it does not prominently require informed user consent about ongoing background writes, retention, or reviewability. Silent persistence of user context can surprise users and create privacy, compliance, and data minimization risks even if the feature is intended.

Missing User Warnings

High
Confidence: 97%
Finding
The hourly archive job is designed to silently move content from the inbox into raw archives and then clear processed items, which means automated modification and effective deletion of original user-curated content can occur without notice. That combination is riskier than ordinary background logging because it can remove evidence, hinder auditability, and cause unintended retention of sensitive material in another file while the source is cleared.

Missing User Warnings

Medium
Confidence: 93%
Finding
The spec explicitly requires a cron job to modify persistent memory files and clear processed inbox items while also requiring 'never send a user-visible message.' Silent background mutation of user data reduces transparency, makes unintended data loss or corruption harder to detect, and can violate user expectations around consent and auditability. In this context, the skill is specifically about persistent memory workflows, which makes the behavior functional but still risky unless clearly disclosed and approved by the user.

Missing User Warnings

Medium
Confidence: 91%
Finding
The daily and weekly jobs are designed to write and update long-lived memory artifacts (`memory/YYYY-MM-DD.md` and `MEMORY.md`) while again requiring no user-visible messaging. Because these files may encode durable preferences, rules, and project context, silent writes can create privacy, integrity, and surprise-persistence risks, especially if summaries are inaccurate or over-retain sensitive information. The skill context increases the sensitivity because the whole purpose is cross-session persistence of user data.

Missing User Warnings

Medium
Confidence: 92%
Finding
The document instructs the agent to persist user preferences, decisions, reminders, and project context as memory by default, but it does not tell users that this information may be retained across sessions. That creates a meaningful privacy and consent risk because users may share sensitive personal or project data without realizing it will be stored long-term.

Missing User Warnings

Medium
Confidence: 94%
Finding
The file placement guidance explicitly directs writing memory into named files such as MEMORY.md and memory/*.md, but the rules never disclose to the user that information will be saved to disk. This is dangerous because it can cause silent persistence of potentially sensitive data in local files, where it may later be exposed, synced, backed up, or read by other tools.

VirusTotal

63/63 vendors flagged this skill as clean.