elite-longterm-memory

Security checks across malware telemetry and agentic risk

Overview

This is a coherent long-term memory skill, but it encourages broad silent retention of conversation details and optional third-party memory services without enough consent, privacy, or sensitivity controls.

Install only if you want agents to keep durable memory across sessions. Avoid using it with secrets, customer data, regulated data, or sensitive business context unless you add explicit retention rules, redaction, review, and deletion controls. Do not enable Mem0, SuperMemory, or other cloud memory features until you understand what conversation content is transmitted and how the provider stores or deletes it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (8)

Missing User Warnings

Medium
Confidence: 93%
Finding
The README promotes cloud backup and automatic fact extraction as core features without clearly warning that agent conversations, memory contents, or user data may be transmitted to third-party services. In a long-term memory skill for AI agents, this omission is risky because operators may enable these features assuming they are local-only, leading to unintentional disclosure of sensitive prompts, credentials, internal notes, or personal data.

Missing User Warnings

Medium
Confidence: 97%
Finding
The Mem0 integration example instructs users to send conversation messages to an external API but does not state that the messages are leaving the local environment for third-party processing and storage. Because this skill is specifically designed to retain agent context over time, the omitted warning increases the chance that sensitive conversations, proprietary code, user data, or secrets are uploaded without informed consent.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill instructs the agent to store user decisions and preferences silently, without notifying the user that their data will be retained across sessions. Silent persistence of conversational data creates privacy and consent risks, especially when preferences or decisions may contain sensitive business or personal information.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill promotes cloud backup and automatic fact extraction from conversations without clear privacy disclosures or sensitivity filtering. Sending conversation-derived facts to third-party services can expose personal, proprietary, or regulated data beyond the local environment.

Missing User Warnings

Medium
Confidence: 94%
Finding
The maintenance section includes a destructive deletion command labeled as a 'nuclear option' but does not provide safeguards, confirmation steps, or backup guidance. Users or agents following the instructions could erase stored memory data irreversibly and lose important context.

Ssd 3

Medium
Confidence: 95%
Finding
These instructions direct the agent to persist user-provided details and conversation facts into multiple stores, increasing the blast radius of any sensitive data captured in normal dialogue. Multi-layer retention raises the likelihood of long-term leakage, overcollection, and unauthorized reuse of personal or confidential information.

Ssd 3

Medium
Confidence: 97%
Finding
Auto-extraction encourages broad capture of facts from conversations across sessions without guardrails for sensitive categories. This can lead to covert profiling and retention of information the user did not intend to save, especially when paired with external memory services.

Ssd 3

Medium
Confidence: 96%
Finding
The WAL protocol mandates logging user preferences, decisions, deadlines, and corrections before responding, which operationalizes automatic retention of user input as a default behavior. Because these categories often contain sensitive personal or project information, mandatory pre-response logging creates substantial privacy and data governance risk.

VirusTotal

58/58 vendors flagged this skill as clean.