ClawHub

Claude Memory Optimizer

Security checks across malware telemetry and agentic risk

Overview

This memory-maintenance skill appears purpose-aligned, but it can bulk rewrite, move, and reindex memory files without enough warning or rollback detail.

Install only if you are comfortable with a tool reorganizing your memory files. Before running migration or optimization commands, make your own backup, look for a dry-run or preview mode, confirm exactly which files will be changed or moved, and avoid running it on your primary memory store until rollback steps are clear.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The instructions tell the user to run an automated refactor script that will analyze, rewrite, move, and reindex memory files, but the invocation step itself does not clearly warn that this is a bulk destructive file operation. In a memory-management skill, that is meaningful because user memory files may contain important or sensitive information, and accidental modification or relocation can cause data loss, corruption, or unintended exposure through reindexing.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill promotes automated migration and memory maintenance, but it does not clearly warn users that their memory files may be reorganized, rewritten, or overwritten. This is dangerous because memory stores often contain valuable user context, and undocumented mutation can lead to accidental data loss, corruption, or trust erosion if the migration behaves unexpectedly.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal