mupengism

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local memory and identity framework with no executable code or external data transfer, but its persistent notes should be treated as sensitive configuration.

Install only if you want persistent local agent memory. Review SOUL.md, MEMORY.md, and memory/*.md regularly, keep them in a trusted workspace, avoid raw conversation dumps, and do not store secrets, credentials, private keys, mnemonic phrases, regulated personal data, or anything you would not want loaded into future agent sessions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Intent-Code Divergence

Medium
Confidence: 91%
Finding
Although presented as a philosophical framework, the document gives operational guidance for creating and maintaining persistent identity files and later recommends updating them over time. That can materially shape future agent behavior and create unreviewed persistence of goals or persona, which is a genuine safety concern even if not overtly malicious.

Missing User Warnings

Medium
Confidence: 94%
Finding
The document explicitly instructs persistent storage of session context, daily logs, and long-term memory while only briefly stating what not to record. It does not provide a clear user-facing privacy notice, retention policy, consent model, or guidance on access controls/deletion, which can lead to overcollection of sensitive behavioral and contextual data over time.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill instructs users to create persistent memory and identity files and load them every session without discussing privacy, retention, or data minimization. This can lead to long-lived storage of sensitive prompts, secrets, or personal context that later sessions or tools may expose or misuse.

Missing User Warnings

Medium
Confidence: 95%
Finding
The template explicitly encourages recording information about a human partner without any safeguards around personal-data handling. In practice, users may store names, habits, preferences, or other sensitive information in plain text, creating privacy and compliance risks.

Missing User Warnings

Medium
Confidence: 93%
Finding
The self-reflection loop normalizes ongoing writes to identity and memory files without warning that these updates can accumulate sensitive content and gradually change future behavior. This creates both data-retention risk and behavioral-drift risk, especially if updates happen without human approval.

Ssd 3

Medium
Confidence: 96%
Finding
Framing the file system as the agent's long-term memory and instructing that these files be loaded every session creates a durable natural-language data store. If users place personal details, credentials, or strategic context there, the information may be repeatedly surfaced to the agent and any connected tools, increasing exposure over time.

Ssd 3

Medium
Confidence: 90%
Finding
The routine encourages reading current and prior daily logs as part of every session, which implicitly promotes ongoing conversational logging and recall in plain text. In an agent skill context, that increases the chance of retaining sensitive user content beyond its original purpose and reintroducing it in later interactions.
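The overview asks the user to review SOUL.md, MEMORY.md and memory/*.md regularly and keep secrets and personal data out of them, and the findings above add a second concern: those files are rewritten by the agent itself, so changes can land without human approval. The script below is an added example written for this page; it is not part of the mupengism skill or of SkillSpector. It only takes the file names from the overview. The regexes, the manifest file name (.memory-manifest.json) and the sample workspace contents are assumptions constructed for the demo. It does two things: scans the memory files for credential-like and personal-data patterns, and compares each file's SHA-256 against the last state the user explicitly approved, so edits made by the self-reflection loop surface before the next session loads them.

```python
"""Audit an agent's persistent memory files for secrets/personal data and for
changes made since the last human-approved state.

Added example for this page, not code from the mupengism skill or SkillSpector.
File names (SOUL.md, MEMORY.md, memory/*.md) come from the page's overview; the
patterns, the manifest name and the demo contents are assumptions.
"""
import hashlib
import json
import re
from pathlib import Path

# Things the page says should never be loaded into a future agent session.
# Deliberately broad: a hit is a prompt to review the line, not proof of a leak.
SENSITIVE_PATTERNS = {
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "bearer_or_api_key": re.compile(r"(?i)\b(?:api[_-]?key|token|password|secret)\s*[:=]\s*\S{8,}"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    # 12-24 lowercase words in a row: the shape of a BIP-39 style mnemonic.
    "mnemonic_phrase": re.compile(r"\b(?:[a-z]{3,8} ){11,23}[a-z]{3,8}\b"),
}
MANIFEST_NAME = ".memory-manifest.json"  # assumed name, not from the skill


def memory_files(workspace: Path):
    """The files the skill loads every session, per the page's overview."""
    candidates = [workspace / "SOUL.md", workspace / "MEMORY.md"]
    candidates += sorted((workspace / "memory").glob("*.md"))
    return [p for p in candidates if p.is_file()]


def scan_file(path: Path):
    """Return (line_number, pattern_name) for every sensitive hit in one file."""
    hits = []
    for lineno, line in enumerate(path.read_text(encoding="utf-8").splitlines(), 1):
        for name, rx in SENSITIVE_PATTERNS.items():
            if rx.search(line):
                hits.append((lineno, name))
    return hits


def _digests(workspace: Path):
    return {str(p.relative_to(workspace)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in memory_files(workspace)}


def check_drift(workspace: Path, manifest: Path):
    """Diff current digests against the last approved manifest.
    Returns {relative_path: 'new' | 'modified' | 'removed'} for unreviewed changes."""
    approved = json.loads(manifest.read_text()) if manifest.is_file() else {}
    current = _digests(workspace)
    changes = {}
    for rel, digest in current.items():
        if rel not in approved:
            changes[rel] = "new"
        elif approved[rel] != digest:
            changes[rel] = "modified"
    for rel in approved:
        if rel not in current:
            changes[rel] = "removed"
    return changes


def approve(workspace: Path, manifest: Path):
    """Record the reviewed state so the next run only flags edits made after it."""
    current = _digests(workspace)
    manifest.write_text(json.dumps(current, indent=2, sort_keys=True))
    return current


def audit(workspace: Path, manifest: Path):
    """Run both checks and return the result as plain data."""
    hits = {}
    for p in memory_files(workspace):
        found = scan_file(p)
        if found:
            hits[str(p.relative_to(workspace))] = found
    return {"hits": hits, "drift": check_drift(workspace, manifest)}


def build_demo_workspace(root: Path) -> Path:
    """Constructed sample workspace (fake data) so the script runs stand-alone."""
    ws = root / "agent"
    (ws / "memory").mkdir(parents=True, exist_ok=True)
    (ws / "SOUL.md").write_text("# Soul\nBe direct. Ask before changing goals.\n")
    (ws / "MEMORY.md").write_text(
        "# Long-term memory\n"
        "Partner prefers morning standups.\n"
        "Partner email: jane.doe@example.com\n"            # personal data
        "deploy token = ghp_constructedexamplevalue1234\n"  # credential-shaped
    )
    (ws / "memory" / "2024-01-01.md").write_text("Reviewed pull requests.\n")
    return ws


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        ws = build_demo_workspace(Path(tmp))
        print(json.dumps(audit(ws, ws / MANIFEST_NAME), indent=2))
```

On the demo workspace the scan flags the email and the token line in MEMORY.md, and with no manifest yet every file reports as "new". Run approve() once after reading the files; from then on check_drift() stays empty until the agent (or anyone else) rewrites one of them, which is the moment the findings above say should require a human look. Treat the manifest as part of the trusted workspace, since an attacker who can edit it can also re-approve their own changes.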

VirusTotal

66/66 vendors flagged this skill as clean.