Reclaw

Security checks across malware telemetry and agentic risk

Overview

Reclaw is a disclosed local persistent-memory skill, and the artifact does not show hidden execution, exfiltration, or destructive behavior.

Install only if you want OpenClaw/Reclaw to retain user-specific information across sessions. Review the separate Reclaw/OpenClaw runtime you use, be careful with historical imports and transcript retrieval, and periodically inspect or remove stored memory if your environment supports it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Medium, 94% confidence
Finding
The skill is described as a memory access/record/search utility, but the documented command surface also includes administrative and high-impact operations such as import, snapshot/summary regeneration, init, verify, uninstall, and projection refresh. This expands the effective capability beyond the declared purpose, increasing the chance an agent or user invokes sensitive environment-changing actions under the guise of a simple memory skill.

Context-Inappropriate Capability

Medium, 92% confidence
Finding
Historical conversation import allows bulk ingestion of prior chats, which can introduce large volumes of sensitive data into persistent memory without being necessary for ordinary memory lookup or subject management. In a skill intended for routine memory access, this creates elevated privacy and data-minimization risk, especially if an agent suggests or triggers import inappropriately.

Vague Triggers

Medium, 89% confidence
Finding
The read_when triggers are broad enough that the skill may activate in many ordinary conversations involving memory, prior context, or what the assistant 'knows.' Over-broad activation matters here because the skill deals with persistent storage and retrieval, increasing the likelihood of unnecessary memory access or capture of sensitive user-specific information.

Missing User Warnings

Medium, 96% confidence
Finding
The skill states that conversation content should be made clear so an extraction hook captures it into persistent storage, but it provides no explicit privacy warning, consent guidance, retention notice, or sensitivity boundaries beyond a later hard filter. Because this is a memory system that persists user-specific information across sessions, omission of up-front privacy disclosure materially increases the risk of collecting sensitive data without informed user awareness.

VirusTotal

66/66 vendors flagged this skill as clean.