Simplemem

Security checks across malware telemetry and agentic risk

Overview

Simplemem is a coherent memory skill, but users should understand that saved memories persist locally and may be processed through OpenAI when full features are enabled.

Install only if you want persistent agent memory. Avoid storing passwords, secrets, regulated personal data, or confidential business material as memories. Review or clear the skill's data directory when needed, use a dedicated OpenAI API key for full semantic features, and consider reviewing or pinning the upstream SimpleMem dependency before relying on it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill metadata declares required binaries and environment variables, while the documentation also describes creating a local data directory for persistent memory, but no explicit permissions are declared. This creates a transparency and trust problem: users and hosting platforms may not realize the skill can read environment variables and persist conversation-derived data to disk, increasing the risk of unintended secret exposure or data retention.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill advertises cross-session persistent memory and storage creation but does not clearly warn that user conversations or derived memory summaries may be retained across sessions. This can lead users to disclose sensitive information under the assumption of ephemeral processing, creating privacy and compliance risks if personal or confidential data is stored locally.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation instructs users to set an OpenAI API key and enable semantic features without warning that memory content may be transmitted to an external API for embeddings or related processing. If users store sensitive conversation data, that data may leave the local environment unexpectedly, creating confidentiality, policy, and data-governance concerns.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The fallback path silently persists memory content and metadata to a local JSON file on disk without access controls, encryption, retention limits, or user disclosure. If sensitive prompts, personal data, or secrets are added, other local users, backup systems, or later processes may access them unexpectedly.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
When SimpleMem is active, the wrapper forwards supplied content to an external OpenAI-backed system without any explicit user warning or consent mechanism. This can expose sensitive memory contents over the network to third-party processing, which is especially risky for agent memory that may include credentials, personal data, or internal context.

VirusTotal

64/64 vendors flagged this skill as clean.
