Vanar Neutron Memory

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed remote memory skill that can store conversation text when enabled, so it is privacy-sensitive but purpose-aligned and opt-in.

Install only if you want a hosted memory service and are comfortable sending saved text, search queries, and optionally conversation turns to Vanar Neutron over HTTPS. Keep auto-capture and auto-recall disabled unless you intentionally want automatic upload/recall, and avoid storing secrets, regulated data, or confidential business content unless that use is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 95%
Finding
When enabled, this hook sends the full user message and AI response to a remote service, creating a clear data exfiltration path for potentially sensitive prompts, secrets, internal context, or personal data. Although it is opt-in via VANAR_AUTO_CAPTURE and appears intended as a memory feature, the script provides no runtime notice, consent prompt, filtering, or redaction before transmission.

Missing User Warnings

Medium
Confidence: 93%
Finding
The hook sends the user's latest message to a remote memory-search API automatically once auto-recall is enabled, with no in-script notice, consent prompt, redaction, or allowlist of acceptable content. In a memory skill, this behavior is functional, but it still creates a real privacy and data-exposure risk because prompts may contain secrets, personal data, or proprietary information that are transmitted off-host before the model turn.

Missing User Warnings

Medium
Confidence: 94%
Finding
The save command sends arbitrary user-provided text to a remote service, but the script does not clearly warn at the point of use that supplied content leaves the local machine and becomes persisted remotely. In a memory skill whose purpose is long-term storage across sessions, this increases the chance that users or calling agents will unknowingly transmit secrets, tokens, personal data, or sensitive conversation context off-device.

Ssd 3

Medium
Confidence: 92%
Finding
The skill advertises optional persistence of conversations across sessions, which creates a real confidentiality and data-retention risk even if opt-in. Full conversational content can include secrets, personal data, credentials, or sensitive business context, and semantic search increases the chance that previously stored sensitive material is resurfaced in later contexts.

Ssd 3

Medium
Confidence: 96%
Finding
This section explicitly states that complete `User` and `Assistant` messages are sent to a remote API for storage and that the latest user message is reused as a search query. That is a concrete data-exposure pathway: sensitive prompts, responses, and embedded secrets may be transmitted off-platform and later reintroduced into model context, potentially broadening exposure beyond the original session.

VirusTotal

66/66 vendors flagged this skill as clean.
