Veritas Memory

Security checks across malware telemetry and agentic risk

Overview

This memory skill is openly designed to read prior conversations and rewrite local memory files, but it does so automatically and broadly enough that users should review the privacy and control tradeoffs before installing.

Install only if you want an agent to maintain persistent local memory from your conversations. Review or constrain the startup and auto-sync instructions before use, especially if sessions may include secrets, personal data, account details, trading information, or confidential business context. Prefer using it in a version-controlled workspace or with backups so memory edits and deletions can be reviewed or rolled back.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence: 85%
Finding
The skill defines a powerful maintenance role that reads and rewrites memory artifacts, but it does not clearly state when it should be invoked, by whom, or under what safeguards. Ambiguous activation increases the chance that an agent will run it opportunistically during unrelated tasks, causing unintended memory edits, propagation of transcript errors into canonical files, or silent state drift.

Missing User Warnings

Medium
Confidence: 94%
Finding
This skill authorizes direct modification, consolidation, archiving, and deletion of memory data, including deleting completed todos and altering STATE.md, without an explicit user-facing warning or approval step. In an agent context where memory files may influence future decisions, these data-affecting actions can silently remove evidence, corrupt provenance, or destroy useful context, especially because the workflow treats conversation as ground truth and encourages automated cleanup.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill instructs an agent to write to persistent memory files (STATE.md and MEMORY.md) based on parent session content, but it provides no explicit user confirmation, scope restriction, or guardrail around what may be persisted. In a memory-management skill, this creates a real risk of silently storing sensitive conversation data, propagating prompt-injected or inaccurate content into long-lived files, and causing cross-session privacy or integrity issues.

Ssd 3

Medium
Confidence: 92%
Finding
This section explicitly instructs the agent to automatically read prior session transcripts to recover context and avoid asking the user again. That creates a persistent-memory behavior that can resurface sensitive information from previous conversations without fresh consent, increasing the risk of privacy violations, cross-context disclosure, and over-retention of user data.

Ssd 3

Medium
Confidence: 95%
Finding
The skill defines conversations as the 'ground truth' and directs automatic syncing of transcript-derived details into persistent files such as STATE.md and MEMORY.md. This creates a standing instruction to preserve user-provided content beyond the live conversation, which can expose sensitive data later, expand retention without consent, and normalize broad collection of contextual information.

VirusTotal

64/64 vendors flagged this skill as clean.
