Shang Tsung

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a coherent local memory skill, but users should understand that it intentionally stores and reuses agent context across future sessions.

Install this only if you want the agent to keep persistent local memory across sessions. Review the memory files it reads and writes, avoid storing secrets in them, keep personal MEMORY.md use limited to private sessions, and ensure that neither AGENT_NAME nor SOULS_DIR can point to an unintended path.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Private, stale, or incorrectly edited memory can affect later agent responses and may expose personal context if loaded in the wrong setting.

Why it was flagged

The protocol intentionally reuses persistent local memory files as future-session context, including MEMORY.md, which the artifact itself says may contain personal context.

Skill content

Read `memory/YYYY-MM-DD.md` (today + yesterday) ... Read `PROOF_OF_LIFE.md` ... If in a private/direct session with your human: also read `MEMORY.md`

Recommendation

Review memory files periodically, avoid storing secrets, and keep MEMORY.md limited to private sessions as the template recommends.

What this means

If someone edits these files with bad instructions, the agent may carry those instructions into future sessions.

Why it was flagged

The startup sequence gives local workspace files strong influence over the agent's identity and continuity before normal task work.

Skill content

Before doing anything else: 1. Read `SOUL.md` — this is who you are ... Read `PROOF_OF_LIFE.md` — your last session's living state. Continue where it left off.

Recommendation

Treat SOUL.md, PROOF_OF_LIFE.md, MEMORY.md, and soul files as trusted configuration; review changes before allowing them to guide the agent.

What this means

Installing the protocol means the agent may run a local helper that creates and verifies Markdown lineage files.

Why it was flagged

The skill expects running an included bash helper during setup and at session start. This is central to the stated purpose and the provided script is local filesystem-only.

Skill content

AGENT_NAME=YOUR_AGENT_NAME tools/souls-helper.sh status ... AGENT_NAME=YOUR_AGENT_NAME tools/souls-helper.sh create

Recommendation

Inspect the helper before use and install it only in workspaces where local Markdown file creation is acceptable.

What this means

Unusual or untrusted environment values could cause soul files to be created outside the intended per-agent directory.

Why it was flagged

The helper derives write locations from environment variables and does not validate AGENT_NAME contents; SOULS_DIR is also documented as a full path override.

Skill content

elif [[ -n "${AGENT_NAME:-}" ]]; then
    SOULS_DIR="$WORKSPACE/souls/$AGENT_NAME"
...
mkdir -p "$SOULS_DIR"

Recommendation

Use simple AGENT_NAME values consisting of letters, numbers, dashes, or underscores, and set SOULS_DIR only to a trusted local path.