luci-memory

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do what it advertises, but it handles very private memory data while using broad triggers and plaintext API-key persistence.

Install only if you trust memories.ai and this skill publisher with searches over your personal videos, photos, recordings, transcripts, traits, relationships, and speech data. Prefer supplying MEMORIES_AI_KEY through a secure environment or secret manager instead of saving it in the skill directory, and be cautious about broad memory or personality questions unintentionally invoking the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding:
The skill is described primarily as a memory search tool, but it also instructs the agent to download image bytes from an external endpoint and send them through a separate messaging channel. That expands the skill from retrieval into data exfiltration/redistribution, increasing the chance that sensitive personal images are transmitted outside the expected search workflow.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding:
The activation text is very broad and overlaps with ordinary conversation about memories, relationships, personality, and media. For a skill that can access highly sensitive personal video, transcript, and portrait data, overbroad triggering increases the risk of unintended invocation and privacy-invasive retrieval without sufficiently specific user intent.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The instructions tell the agent to persist a user-provided API key in a local .env file for automatic reuse, without warning the user that their credential will be stored on disk. Persisting secrets this way increases the risk of credential leakage through workspace access, backups, logs, or later skill misuse.

Missing User Warnings

Severity: Medium
Confidence: 82%
Finding:
The skill automatically reads a secret from the environment or a local .env file and transmits it to a remote service without any explicit user-facing notice or consent at runtime. In an agent-skill context, silent credential use is sensitive because users may not expect local secrets to be accessed and sent off-box during normal invocation.

Ssd 3

Severity: Medium
Confidence: 98%
Finding:
This is a direct secret-storage weakness: the skill instructs long-term storage of a user-supplied API key in a plaintext .env file for convenience. Plaintext local persistence broadens the exposure window and can let other tools, users, or future executions reuse or steal the credential.

VirusTotal

VirusTotal findings are pending for this skill version.
