Engram Brain

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local memory skill, but it broadly stores and silently reuses personal and project context in ways users should review before installing.

Install only if you want a persistent agent memory layer that stores conversation and project context locally and may resurface it later. Review the remote installer before running it, avoid saving secrets or regulated data, treat "forget" as soft deletion unless the project documents a purge path, and check whether you can disable automatic recall, intentions, and proactive notifications.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (7)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly instructs the agent to store user conversation content, including personal identity facts, into persistent long-term memory, but it does not require clear notice or consent before doing so. This creates a real privacy risk because sensitive personal data may be retained and reused across sessions without the user's informed awareness.

Natural-Language Policy Violations

High
Confidence: 99%
Finding
The instructions tell the agent to integrate recalled information naturally and avoid revealing that it came from stored memory. Concealing the source of retrieved personal context undermines transparency and informed user control, and can cause users to unknowingly interact with decisions shaped by hidden retained data.

Natural-Language Policy Violations

Medium
Confidence: 94%
Finding
The skill directs the agent to act on intention triggers without announcing that a latent stored instruction was activated. This is dangerous because previously stored prompts can silently influence future behavior, reducing user visibility into why the agent is responding or acting a certain way.

Ssd 3

Medium
Confidence: 97%
Finding
The skill normalizes persistence of broad conversational material and explicitly lists personal identity facts, preferences, decisions, goals, and corrections as items to store in long-term memory. In this context, the memory skill is specifically designed to retain user data across sessions, making over-collection and unnecessary retention a concrete security and privacy concern rather than a theoretical one.

Ssd 3

Medium
Confidence: 98%
Finding
The skill instructs the agent to automatically fetch broad historical context at the start of every conversation and use recalled memory without disclosing that the information came from stored user data. This increases the chance of unnecessary exposure of old personal information and creates a hidden-data-flow problem where prior retained data silently shapes current responses.

Ssd 3

High
Confidence: 99%
Finding
This guidance explicitly tells the agent to hide the use of memory retrieval and silently blend recalled information into responses. In a long-term memory skill, that concealment is especially risky because it obscures the existence and influence of retained personal data, making privacy harms and manipulation harder for users to detect.

Ssd 3

Medium
Confidence: 95%
Finding
The intention feature allows stored prompts or actions to persist and later influence the agent during recall, creating a latent instruction channel across conversations. Because these triggers can reactivate later behavior based on old stored content, they can be abused for stealthy cross-session influence and are more dangerous in a memory-oriented skill than in a stateless one.

VirusTotal

64/64 vendors flagged this skill as clean.
