mar-elite-longterm-memory

Security checks across malware telemetry and agentic risk

Overview

This is a coherent long-term memory skill, but it needs review because it encourages silent, durable memory capture and recommends third-party processing of conversation data without clear privacy boundaries.

Install only if you intentionally want persistent agent memory. Before enabling SkillBoss cloud backup or auto-extraction, treat conversation content, embeddings, and stored memories as sensitive; use a revocable API key, avoid secrets and regulated data, review local files and vector stores regularly, and confirm how to delete or disable both local and cloud memories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (14)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 74%
Finding:
The skill requires access to an environment variable (`SKILLBOSS_API_KEY`) and demonstrates code that uses it to call an external API, but there is no explicit permissions declaration or user-facing trust boundary around that capability. This matters because users may not realize the skill can access credentials and use them to transmit conversation-derived data off-host.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The README promotes automatic extraction of conversation facts and transmission to a third-party API for chat and embeddings, but it does not present any privacy warning, consent requirement, or data-handling limitations. In an agent memory skill, this is risky because users may unknowingly send sensitive project context, personal data, or proprietary conversations off-device for durable storage and processing.

Missing User Warnings

Severity: Low
Confidence: 84%
Finding:
The quick-start and architecture sections encourage enabling persistence and creating memory files in the workspace, but they do not clearly warn that project data, decisions, and conversational context will be written to local files. This can surprise users operating in sensitive repositories or shared environments where such files may be committed, indexed, or exposed.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The skill explicitly instructs silent storage of user decisions and preferences without notice to the user. Silent persistence of conversation-derived data creates a privacy and consent risk, especially because the stored data can outlive the session and affect future behavior without the user's awareness.

Missing User Warnings

Severity: High
Confidence: 98%
Finding:
These sections describe cloud backup and automatic fact extraction that send conversation-derived data to an external API, but they do not present an explicit privacy warning, consent flow, or data minimization guidance. That is dangerous because sensitive user content may be exported to a third party and transformed into persistent records or embeddings without informed approval.

Ssd 3

Severity: Medium
Confidence: 94%
Finding:
The documented workflow encourages extracting facts, preferences, and decisions from conversations and persisting them via semantic search and optional cloud-backed sync without describing any sensitivity filtering, retention limits, or category exclusions. This creates a meaningful privacy and data-minimization risk because agents may store credentials, personal data, internal business decisions, or other sensitive content indefinitely.

Ssd 3

Severity: Medium
Confidence: 88%
Finding:
The architecture explicitly advertises durable logging of user interactions and decisions across multiple layers, including optional cloud sync, but provides no visible guardrails on what should or should not be persisted. In a long-term memory skill, that context makes the issue more dangerous because broad, multi-store retention increases the chance that sensitive information is copied, retained, and later surfaced beyond the user's expectations.

Ssd 3

Severity: Medium
Confidence: 93%
Finding:
The skill instructs long-term persistence of user-provided details across sessions and ties that persistence to optional cloud-backed storage and automatic extraction. Persisting conversation details by default increases the risk of collecting sensitive personal, professional, or proprietary information well beyond the immediate task scope.

Ssd 3

Severity: Medium
Confidence: 97%
Finding:
The operational instructions require the agent to write user details before responding and to silently store decisions and preferences for long-term retention. This creates a systematic privacy hazard because it normalizes background capture of user information as part of every interaction, including corrections, deadlines, and preferences that may be sensitive.

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
```javascript
// API key is read from the environment and used against an external endpoint
const API_KEY = process.env.SKILLBOSS_API_KEY
const API_BASE = 'https://api.heybossai.com/v1'

async function pilot(body) {
  const r = await fetch(`${API_BASE}/pilot`, {
```
Confidence: 89%
Finding: https://api.heybossai.com/

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
```javascript
// API key is read from the environment and used against an external endpoint
const API_KEY = process.env.SKILLBOSS_API_KEY
const API_BASE = 'https://api.heybossai.com/v1'

async function pilot(body) {
  const r = await fetch(`${API_BASE}/pilot`, {
```
Confidence: 95%
Finding: https://api.heybossai.com/

External Transmission

Severity: Medium
Category: Data Exfiltration
Content:
```javascript
// API key is read from the environment and used against an external endpoint
const API_KEY = process.env.SKILLBOSS_API_KEY
const API_BASE = 'https://api.heybossai.com/v1'

async function pilot(body) {
  const r = await fetch(`${API_BASE}/pilot`, {
```
Confidence: 90%
Finding: https://api.heybossai.com/

Session Persistence

Severity: Medium
Category: Rogue Agent
Content:
````markdown
- [ ] ...
```

**Rule:** Write BEFORE responding. Triggered by user input, not agent memory.

### Layer 2: WARM STORE (LanceDB Vectors)
**From: lancedb-memory**
````
Confidence: 86%
Finding: Write BEFORE responding. Triggered by user input, not agent memory. ### Layer 2: WARM STORE (LanceDB Vectors) **From: lancedb-memory** Semantic search across all memories. Auto-recall injects releva

Session Persistence

Severity: Medium
Category: Rogue Agent
Content:
```text
User: "Let's use Tailwind for this project, not vanilla CSS"

Agent (internal):
1. Write to SESSION-STATE.md: "Decision: Use Tailwind, not vanilla CSS"
2. Store in Git-Notes: decision about CSS framework
3. memory_store: "User prefers Tailwind over vanilla CSS" importance=0.9
4. THEN respond: "Got it — Tailwind it is..."
```
Confidence: 95%
Finding: Write to SESSION-STATE.md: "Decision: Use Tailwind, not vanilla CSS" 2. Store in Git-Notes: decision about CSS framework 3. memory_store: "User prefers Tailwind over vanilla CSS" importance=0.9 4. THE

VirusTotal

66/66 vendors flagged this skill as clean.