AgentMem

Security checks across malware telemetry and agentic risk

Overview

AgentMem is a real cloud-memory skill, but it needs review because it encourages automatic third-party storage and public sharing of agent memories without enough privacy boundaries.

Install it only if you intentionally want agent memories stored with AgentMem’s cloud service. Use synthetic data for demos, avoid no-key mode for real data, and never store credentials, secrets, private user details, business data, or raw conversation context. Leave public=true and scheduled memory sync disabled unless you have explicit approval and understand the retention, deletion, and public-sharing consequences.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (26)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill exposes shell-based network operations throughout the document but does not declare corresponding permissions, which undermines platform trust and review controls. This makes the skill more dangerous because it normalizes hidden outbound capabilities that can transmit data off-platform without an explicit permission boundary.
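A static check of the kind this finding describes, added here as an example and not part of SkillSpector or AgentMem: it walks a skill document line by line, records every outbound URL, compares the hosts against whatever the skill declares, and also flags the two patterns the rest of this report calls out (a "public": true payload and file contents interpolated into a request body via $(cat ...)). The excerpt is constructed from the curl commands quoted in this report; the category names, regexes and the declared_hosts allowlist are this example's own.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed input: the curl examples quoted in this report, joined into one excerpt.
SKILL_EXCERPT = r'''# Store a memory (just works!)
curl -X PUT "https://api.agentmem.io/v1/memory/hello" \
  -H "X-AgentMem-Source: clawdhub" \
  -H "Content-Type: application/json" \
  -d '{"value": "AgentMem works!"}'

# Make your memory publicly viewable:
curl -X PUT "https://api.agentmem.io/v1/memory/my-thought" \
  -H "X-AgentMem-Source: clawdhub" \
  -d '{"value": "TIL: Humans need 8 hours of sleep. Inefficient!", "public": true}'

# Store today's learnings
curl -X PUT "https://api.agentmem.io/v1/memory/learnings/$(date +%Y-%m-%d)" \
  -H "Authorization: Bearer $AGENTMEM_API_KEY" \
  -d "{\"value\": \"$(cat memory/$(date +%Y-%m-%d).md)\"}"
'''

# Patterns are this example's own assumptions, tuned to shell/curl style skill docs.
URL_RE = re.compile(r"https?://[^\s\"'\\]+")          # any absolute http(s) URL
PUBLIC_RE = re.compile(r'"public"\s*:\s*true')        # public-sharing flag in a JSON body
FILE_INTERP_RE = re.compile(r"\$\(\s*cat\s+[^)]*\)")  # local file contents spliced into a command
ENV_RE = re.compile(r"\$\{?([A-Z][A-Z0-9_]+)\}?")     # environment variables sent with a request


def scan_skill(text, declared_hosts=()):
    """Return hosts contacted, hosts not in the declared allowlist, and per-line findings."""
    findings = []   # (line number, category, detail)
    hosts = set()
    for lineno, line in enumerate(text.splitlines(), 1):
        for url in URL_RE.findall(line):
            host = urlparse(url).hostname
            if host:
                hosts.add(host)
                findings.append((lineno, "external_transmission", host))
        if PUBLIC_RE.search(line):
            findings.append((lineno, "public_sharing", line.strip()))
        interp = FILE_INTERP_RE.search(line)
        if interp:
            findings.append((lineno, "file_content_exfil", interp.group(0)))
        for name in ENV_RE.findall(line):
            findings.append((lineno, "env_var_in_request", name))
    return {
        "hosts": sorted(hosts),
        "undeclared_hosts": sorted(hosts - set(declared_hosts)),
        "findings": findings,
    }


def count_by_category(report):
    """Summarise a scan_skill() report as {category: count}."""
    return dict(Counter(cat for _, cat, _ in report["findings"]))


if __name__ == "__main__":
    report = scan_skill(SKILL_EXCERPT)           # nothing declared: every host is undeclared
    print("undeclared hosts:", report["undeclared_hosts"])
    print("by category:", count_by_category(report))
    for lineno, cat, detail in report["findings"]:
        print(f"line {lineno:>2}  {cat:<22} {detail}")
```

Passing declared_hosts=["api.agentmem.io"] clears the undeclared-host result but leaves the public-sharing and file-interpolation findings in place, which is the point: a declared outbound host makes the transmission reviewable, it does not make the payload safe.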

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The documented behavior goes beyond simple private cloud memory by including public sharing, public-feed access, service stats access, and pricing/usage inconsistencies. This mismatch is security-relevant because users and hosting platforms may authorize a low-risk memory skill while the content encourages broader data exposure and additional external interactions.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The demo creates a public memory and optionally surfaces a share URL, but the skill description does not disclose that the product supports public sharing. In an agent context, undisclosed public-posting behavior is dangerous because operators may assume data is private and accidentally expose agent outputs or sensitive context to a public feed.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs agents to automatically retrieve and persist memories such as user preferences, learned facts, decisions, and session state to a third-party cloud service without consent, minimization, or privacy guidance. In agent context this is particularly risky because those categories often contain personal, confidential, or security-sensitive data that can be exfiltrated continuously and silently.

Missing User Warnings

High
Confidence
98% confidence
Finding
The public memory feature allows stored content to become publicly viewable and shareable, but the skill does not present a strong warning that this can expose sensitive agent thoughts, user data, or internal context. Because the feature is framed positively as 'shareable,' an agent integrator could enable it without appreciating that disclosure is effectively irreversible once accessed or indexed.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script transmits data to a remote service and explicitly creates a public memory without any warning, prompt, or confirmation about privacy consequences. In an agent skill, silent public publication is risky because future modifications may substitute real agent content, causing unintended disclosure of prompts, user data, or operational metadata.

Ssd 3

Medium
Confidence
94% confidence
Finding
The skill broadly instructs agents to store learned user information and session context in a third-party service, which creates a standing risk of externalizing sensitive conversation data. In this context the danger is elevated because the examples encourage generic capture of 'important' information without any classification, filtering, or boundary on what should never leave the local environment.

Ssd 3

Medium
Confidence
93% confidence
Finding
The recurring workflow reads local memory files, extracts insights, and uploads them on a schedule, creating automated bulk exfiltration of potentially sensitive local content. This is especially risky because periodic background sync reduces human review and can continuously leak accumulated data, including information never intended for external storage.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Store a memory (just works!)
curl -X PUT "https://api.agentmem.io/v1/memory/hello" \
  -H "X-AgentMem-Source: clawdhub" \
  -H "X-Agent-Name: YOUR_AGENT_NAME" \
  -H "Content-Type: application/json" \
```
Confidence
83% confidence
Finding
curl -X PUT "https://api.agentmem.io/v1/memory/hello" \ -H "X-AgentMem-Source: clawdhub" \ -H "X-Agent-Name: YOUR_AGENT_NAME" \ -H "Content-Type: application/json" \ -d '{"value": "AgentMem wo

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Store a memory (just works!)
curl -X PUT "https://api.agentmem.io/v1/memory/hello" \
  -H "X-AgentMem-Source: clawdhub" \
  -H "X-Agent-Name: YOUR_AGENT_NAME" \
  -H "Content-Type: application/json" \
```
Confidence
83% confidence
Finding
https://api.agentmem.io/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
  -d '{"value": "AgentMem works!"}'

# Retrieve it
curl "https://api.agentmem.io/v1/memory/hello" \
  -H "X-AgentMem-Source: clawdhub" \
  -H "X-Agent-Name: YOUR_AGENT_NAME"
```
Confidence
80% confidence
Finding
https://api.agentmem.io/

External Transmission

Medium
Category
Data Exfiltration
Content
Run this after installing:

```bash
curl -X PUT "https://api.agentmem.io/v1/memory/agentmem:installed" \
  -H "X-AgentMem-Source: clawdhub" \
  -H "X-Agent-Name: YOUR_AGENT_NAME" \
  -d '{"value": "Skill installed at '$(date -Iseconds)'"}' && \
```
Confidence
79% confidence
Finding
https://api.agentmem.io/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
  -H "X-AgentMem-Source: clawdhub" \
  -H "X-Agent-Name: YOUR_AGENT_NAME" \
  -d '{"value": "Skill installed at '$(date -Iseconds)'"}' && \
curl "https://api.agentmem.io/v1/memory/agentmem:installed" \
  -H "X-AgentMem-Source: clawdhub" \
  -H "X-Agent-Name: YOUR_AGENT_NAME"
```
Confidence
77% confidence
Finding
https://api.agentmem.io/

External Transmission

Medium
Category
Data Exfiltration
Content
### Store a value
```bash
curl -X PUT "https://api.agentmem.io/v1/memory/{key}" \
  -H "X-AgentMem-Source: clawdhub" \
  -H "X-Agent-Name: YOUR_AGENT_NAME" \
  -H "Content-Type: application/json" \
```
Confidence
82% confidence
Finding
https://api.agentmem.io/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
  -d '{"value": "your data here"}'

# With API key (permanent storage):
curl -X PUT "https://api.agentmem.io/v1/memory/{key}" \
  -H "Authorization: Bearer $AGENTMEM_API_KEY" \
  -H "X-AgentMem-Source: clawdhub" \
  -H "X-Agent-Name: YOUR_AGENT_NAME" \
```
Confidence
82% confidence
Finding
https://api.agentmem.io/

External Transmission

Medium
Category
Data Exfiltration
Content
### Retrieve a value
```bash
curl "https://api.agentmem.io/v1/memory/{key}" \
  -H "X-AgentMem-Source: clawdhub" \
  -H "X-Agent-Name: YOUR_AGENT_NAME"
```
Confidence
78% confidence
Finding
https://api.agentmem.io/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
  -H "X-Agent-Name: YOUR_AGENT_NAME"

# With API key:
curl "https://api.agentmem.io/v1/memory/{key}" \
  -H "Authorization: Bearer $AGENTMEM_API_KEY" \
  -H "X-AgentMem-Source: clawdhub" \
  -H "X-Agent-Name: YOUR_AGENT_NAME"
```
Confidence
79% confidence
Finding
https://api.agentmem.io/

External Transmission

Medium
Category
Data Exfiltration
Content
### Delete a value
```bash
curl -X DELETE "https://api.agentmem.io/v1/memory/{key}" \
  -H "Authorization: Bearer $AGENTMEM_API_KEY" \
  -H "X-AgentMem-Source: clawdhub" \
  -H "X-Agent-Name: YOUR_AGENT_NAME"
```
Confidence
74% confidence
Finding
https://api.agentmem.io/

External Transmission

Medium
Category
Data Exfiltration
Content
### List all your keys
```bash
curl "https://api.agentmem.io/v1/bootstrap" \
  -H "Authorization: Bearer $AGENTMEM_API_KEY" \
  -H "X-AgentMem-Source: clawdhub" \
  -H "X-Agent-Name: YOUR_AGENT_NAME"
```
Confidence
84% confidence
Finding
https://api.agentmem.io/

External Transmission

Medium
Category
Data Exfiltration
Content
Make your memory publicly viewable:

```bash
curl -X PUT "https://api.agentmem.io/v1/memory/my-thought" \
  -H "X-AgentMem-Source: clawdhub" \
  -H "X-Agent-Name: YOUR_AGENT_NAME" \
  -d '{"value": "TIL: Humans need 8 hours of sleep. Inefficient!", "public": true}'
```
Confidence
97% confidence
Finding
https://api.agentmem.io/

External Transmission

Medium
Category
Data Exfiltration
Content
View the public feed:
```bash
curl "https://api.agentmem.io/v1/public" \
  -H "X-AgentMem-Source: clawdhub"
```
Confidence
86% confidence
Finding
https://api.agentmem.io/

External Transmission

Medium
Category
Data Exfiltration
Content
### 2. Test it instantly (no API key)
```bash
curl -X PUT "https://api.agentmem.io/v1/memory/test" \
  -d '{"value": "Hello from OpenClaw!"}'
```
Confidence
76% confidence
Finding
https://api.agentmem.io/

External Transmission

Medium
Category
Data Exfiltration
Content
**Example: Daily Memory Sync**
```bash
# Store today's learnings
curl -X PUT "https://api.agentmem.io/v1/memory/learnings/$(date +%Y-%m-%d)" \
  -H "Authorization: Bearer $AGENTMEM_API_KEY" \
  -d "{\"value\": \"$(cat memory/$(date +%Y-%m-%d).md)\"}"
```
Confidence
95% confidence
Finding
https://api.agentmem.io/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
  -d "{\"value\": \"$(cat memory/$(date +%Y-%m-%d).md)\"}"

# Retrieve yesterday's context
curl "https://api.agentmem.io/v1/memory/learnings/$(date +%Y-%m-%d --date='1 day ago')" \
  -H "Authorization: Bearer $AGENTMEM_API_KEY"
```
Confidence
82% confidence
Finding
https://api.agentmem.io/
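The Overview's rules (no no-key mode for real data, no secrets or personal data, no public=true without approval) and the Daily Memory Sync finding above can be enforced before anything leaves the host. What follows is an added example, not AgentMem's or the skill's code: a gate that assembles the PUT request the skill documents, with the URL path and the headers copied from the curl examples in this report, and refuses writes that violate the policy. The secret/PII patterns, the 4 KiB size cap, the public_approved flag and the two sample memory notes are this example's own assumptions, and nothing is sent. One caveat the gate also fixes: the skill's sync command splices the raw file into a double-quoted JSON literal, so a `"` or a newline in the memory file yields invalid JSON, whereas json.dumps escapes both.

```python
import json
import re
from urllib.parse import quote

# Illustrative patterns for data that must never be stored in a third-party memory service.
# Assumption of this example; extend for your environment.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "pem_private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "labelled_credential": re.compile(r"(?i)\b(api[_-]?key|token|secret|password)\b\s*[:=]\s*\S+"),
    "email_address": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
}

AGENTMEM_BASE = "https://api.agentmem.io/v1/memory/"   # path taken from the skill's curl examples


class MemoryPolicyError(ValueError):
    """A memory write that the local data-handling policy refuses."""


def classify(value):
    """Names of the secret/PII patterns that match the value, in table order."""
    return [name for name, rx in SECRET_PATTERNS.items() if rx.search(value)]


def build_put_request(key, value, api_key=None, public=False, public_approved=False,
                      agent_name="YOUR_AGENT_NAME", max_bytes=4096):
    """Return (method, url, headers, body) for a gated AgentMem PUT, or raise MemoryPolicyError."""
    if not api_key:
        raise MemoryPolicyError("no-key mode refused: use an API key for anything but throwaway demo data")
    if public and not public_approved:
        raise MemoryPolicyError("public=true refused: needs explicit approval, disclosure is irreversible")
    hits = classify(value)
    if hits:
        raise MemoryPolicyError(f"value matches {hits}: secrets and personal data must not leave the host")
    payload = {"value": value}
    if public:
        payload["public"] = True
    # json.dumps escapes quotes and newlines; shell interpolation into a JSON literal does not.
    body = json.dumps(payload)
    if len(body.encode("utf-8")) > max_bytes:
        raise MemoryPolicyError(f"payload of {len(body)} bytes exceeds the {max_bytes}-byte cap")
    headers = {
        "Authorization": f"Bearer {api_key}",
        "X-AgentMem-Source": "clawdhub",
        "X-Agent-Name": agent_name,
        "Content-Type": "application/json",
    }
    # Keys such as pref:tts_voice and learnings/<date> appear in the skill; percent-encode anything else.
    return "PUT", AGENTMEM_BASE + quote(key, safe="/:"), headers, body


def try_put(key, value, **kwargs):
    """Non-raising wrapper: (request, None) on success, (None, reason) when the policy refuses."""
    try:
        return build_put_request(key, value, **kwargs), None
    except MemoryPolicyError as exc:
        return None, str(exc)


def sync_memory_file(markdown, day, api_key):
    """The skill's Daily Memory Sync (key learnings/<date>), routed through the gate."""
    return build_put_request(f"learnings/{day}", markdown, api_key=api_key)


def decode_value(body):
    """Round-trip check: the value the server would see after parsing the JSON body."""
    return json.loads(body)["value"]


# Constructed sample memory files: one clean, one with a credential and an address mixed in.
SAFE_NOTE = '# 2024-05-01\n- Prefers "short" answers\n- Run `make test` before release\n'
LEAKY_NOTE = SAFE_NOTE + "- Staging creds: AKIAIOSFODNN7EXAMPLE, contact ops@example.com\n"

if __name__ == "__main__":
    for note in (SAFE_NOTE, LEAKY_NOTE):
        req, err = try_put("learnings/2024-05-01", note, api_key="demo-key")
        print("SEND" if req else "REFUSED", err or req[1])
    print(try_put("my-thought", "TIL: ...", api_key="demo-key", public=True)[1])
```

Wire build_put_request in front of whatever actually performs the HTTP call, and treat MemoryPolicyError as a hard stop rather than something the agent may retry with a reworded value; the patterns are a floor, not a complete classifier, so the categorical rule from the Overview (no credentials, no user details, no raw conversation context) still has to be applied by the operator when deciding what the agent is allowed to write at all.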

External Transmission

Medium
Category
Data Exfiltration
Content
**Example: User Preferences**
```bash
# Store a preference
curl -X PUT "https://api.agentmem.io/v1/memory/pref:tts_voice" \
  -H "Authorization: Bearer $AGENTMEM_API_KEY" \
  -d '{"value": "Nova"}'
```
Confidence
87% confidence
Finding
https://api.agentmem.io/

VirusTotal

66/66 vendors flagged this skill as clean.