ClawHub

记忆宫-彧哥版

Security checks across malware telemetry and agentic risk

Overview

This is a plain Markdown memory skill that openly asks the assistant to read a user-chosen notes folder, with privacy caveats but no hidden code or data transfer found.

Install only if you want the assistant to read the memory folder you select and use those notes to shape future replies. Keep secrets, credentials, regulated data, and third-party private information out of that folder; review any .memory-path setting; and approve each memory write manually before saving it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly says the AI will read the user's memory folder, load core concepts, and inherit prior insights, but it provides no privacy, consent, or integrity warnings about what kinds of sensitive data may be ingested or how that data may influence future behavior. In this context, users are encouraged to place highly personal identity, methodology, and daily records into the store, so omission of safeguards materially increases the risk of oversharing, prompt injection via notes, and unintended disclosure in later conversations.

Ssd 3

Medium
Confidence
95% confidence
Finding
The skill recommends automatically writing important conversation content into the memory store after each chat, creating a durable retention channel for sensitive data that users may not realize is being preserved. This can capture secrets, personal data, or regulated information and later re-expose it through future prompts, especially because the same skill also promotes reloading and internalizing those files as part of the AI's persona.

Ssd 3

Medium
Confidence
93% confidence
Finding
The core function of the skill is to read and internalize a user's memory files and past records so the AI can act as a 'digital twin,' which inherently exposes potentially sensitive personal information to the model context. Even if intended as a convenience feature, this broad ingestion model raises confidentiality and integrity risks because identity notes, daily records, and insights may contain secrets or untrusted content that affects future outputs.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal