Memory Treasure

Security checks across malware telemetry and agentic risk

Overview

This memory-management skill is coherent, but it asks the agent to automatically retain, reload, and back up potentially sensitive conversation data without clear user controls.

Review before installing. Use this only if you intentionally want persistent local memory. Keep API keys, credentials, personal data, and confidential work out of the memory folder; confirm whether any cron archival is actually enabled; and define how to inspect, redact, back up, encrypt, and delete stored memories before relying on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The trigger phrases are broad, natural conversational terms (memory recovery and backup-related language), which can cause unintended activation during ordinary chat. In this skill, unintended activation is more dangerous because activation may load stored memory context or initiate memory-related operations tied to archived conversations.

Missing User Warnings

Severity: High
Confidence: 97%
Finding
The skill states that memory content is automatically loaded at startup and that conversation data is archived, but it does not present clear consent, privacy notice, retention limits, or handling guidance for sensitive data. In a memory-management skill, this omission is especially risky because the system is explicitly designed to persist conversational content across sessions, increasing exposure of personal, confidential, or secret material.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The backup command packages all memory files to local storage without warning that those files may include complete conversation archives, sensitive notes, and important files. This creates a realistic risk of accidental disclosure, insecure local storage, or exfiltration through broad backups.

Ssd 3

Severity: Medium
Confidence: 96%
Finding
The skill explicitly directs verbatim archival of complete conversations and also labels important files such as keys and chat records as part of memory content. Even without active exfiltration logic, retaining raw sensitive material increases the blast radius of any later access, backup, sharing, or compromise of the memory store.

Ssd 3

Severity: Medium
Confidence: 97%
Finding
The instruction to store complete raw dialogues 'without deleting a single word' semantically encourages preservation of all user-supplied sensitive content, including credentials, personal data, and confidential business information. In the context of a persistent memory skill, that materially raises confidentiality and compliance risk.

Ssd 3

Severity: Medium
Confidence: 96%
Finding
Backing up all memory files by default will include archived conversations and any sensitive documents stored in the memory hierarchy, compounding the retention risk by duplicating data into another location. This makes accidental exposure more likely and frustrates later deletion or minimization efforts.

VirusTotal

65/65 vendors reported this skill as clean.