Elite Longterm Memory

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate memory skill, but it asks agents to persist conversation details broadly and sometimes silently, with optional cloud services that lack clear privacy warnings.

Install only if you want your agent to retain project and preference context across sessions. Avoid enabling Mem0 or SuperMemory for private, regulated, or proprietary work unless you trust those providers and have approval to upload memory content. Add your own rule requiring the agent to ask before saving sensitive details, summarize rather than copy raw conversation text, and review or delete stored memory regularly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Tp4

High
Category
MCP Tool Poisoning
Confidence
83% confidence
Finding
The skill advertises a comprehensive memory architecture but mostly provides instructions and examples rather than implementing the claimed safeguards and integrations. This can cause users or agents to overtrust the skill, leading them to persist sensitive data under the assumption that durability, privacy controls, and integrations are handled safely when they are not.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README promotes cloud backup and automatic fact extraction as core features without warning that they may transmit conversation content, project context, or other sensitive data to third-party services. In an AI memory skill, users are likely to store prompts, code, secrets, and internal decisions, so omission of privacy and data-flow warnings can lead to inadvertent disclosure.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The Mem0 example shows sending conversation messages to an external API via `client.add(messages, ...)` and retrieving memories from that service, but it does not warn that prompts and extracted facts may be uploaded off-device. Because this package is explicitly designed to persist agent memory, the transmitted data may include sensitive code, credentials, personal data, or proprietary context, making the omission materially risky.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs the agent to store user decisions silently, without notifying the user that their conversation data is being retained. In a memory skill, this context makes the issue more dangerous because the entire purpose is persistent capture of user-provided context, including potentially sensitive preferences and decisions.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Automatic fact extraction from conversations can capture sensitive personal, project, or credential-adjacent information without meaningful user awareness. Because this skill is designed to maximize retention and recall, the lack of privacy and retention warnings materially increases the risk of overcollection and unintended downstream exposure.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The cloud backup section encourages sending memory data to an external service but does not clearly warn that user context may leave the local device and be processed by a third party. In a long-term memory skill, off-device synchronization significantly raises confidentiality and compliance risks because stored conversations may contain sensitive business or personal data.

Ssd 3

Medium
Confidence
94% confidence
Finding
The instructions direct the agent to persist concrete user details and preferences before responding, which encourages indiscriminate retention of conversational content. In this skill's context, that behavior is central rather than incidental, so the risk of collecting sensitive information by default is substantial.

Ssd 3

Medium
Confidence
95% confidence
Finding
The WAL protocol mandates saving user-supplied details before any response, creating a blanket retention workflow that can capture sensitive information reflexively and at scale. This is especially risky in a memory-oriented skill because it normalizes storing all corrections, deadlines, decisions, and preferences without classification or consent gates.

Session Persistence

Medium
Category
Rogue Agent
Content
````markdown
- [ ] ...
```

**Rule:** Write BEFORE responding. Triggered by user input, not agent memory.

### Layer 2: WARM STORE (LanceDB Vectors)
**From: lancedb-memory**
````
Confidence
86% confidence
Finding
Write BEFORE responding. Triggered by user input, not agent memory. ### Layer 2: WARM STORE (LanceDB Vectors) **From: lancedb-memory** Semantic search across all memories. Auto-recall injects releva

Session Persistence

Medium
Category
Rogue Agent
Content
```text
User: "Let's use Tailwind for this project, not vanilla CSS"

Agent (internal):
1. Write to SESSION-STATE.md: "Decision: Use Tailwind, not vanilla CSS"
2. Store in Git-Notes: decision about CSS framework
3. memory_store: "User prefers Tailwind over vanilla CSS" importance=0.9
4. THEN respond: "Got it — Tailwind it is..."
```
Confidence
93% confidence
Finding
Write to SESSION-STATE.md: "Decision: Use Tailwind, not vanilla CSS" 2. Store in Git-Notes: decision about CSS framework 3. memory_store: "User prefers Tailwind over vanilla CSS" importance=0.9 4. THE

VirusTotal

62/62 vendors flagged this skill as clean.
