🦞 龙虾记忆备份同步技能 / Lobster Memory Backup & Sync

Security checks across malware telemetry and agentic risk

Overview

This is a coherent memory backup skill, but it can persist conversation content, push it to a Git remote, sync it across channels, and delete old files without consistently requiring explicit review.

Install only if you are comfortable with conversation summaries being stored in files and potentially pushed to a private Git repository. Use a dedicated limited SSH key, inspect the exact commit before pushing, keep cron disabled until tested, require explicit confirmation before any save/sync/push/delete action, and replace rm cleanup with archive or dry-run migration steps where possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The document for a memory backup/sync skill instructs deletion of files in legacy paths, including under docs/, which expands behavior beyond simple backup into destructive file maintenance. In an agent context, this can cause unintended data loss if the workflow is followed automatically or with loosely substituted filenames.

Intent-Code Divergence

Medium
Confidence: 93%
Finding
The guide presents the workflow as backup, but the documented process includes irreversible deletion of old files. This mismatch can mislead users or an agent into believing the operation is safe and recoverable when it may permanently remove content.

Vague Triggers

Medium
Confidence: 92%
Finding
The skill says it may proactively store memory at the end of 'important' conversations without defining objective criteria for importance. That ambiguity gives the agent too much discretion to persist user content, which can result in over-collection of sensitive information and unexpected backup of material the user did not intend to retain.

Vague Triggers

Medium
Confidence: 92%
Finding
The skill says it may proactively store memory at the end of 'important' conversations without defining objective criteria for importance. That ambiguity gives the agent too much discretion to persist user content, which can result in over-collection of sensitive information and unexpected backup of material the user did not intend to retain.

Missing User Warnings

Medium
Confidence: 97%
Finding
The workflow states that memory write is followed by a backup trigger, but it does not clearly and prominently warn users that this may push content to a remote Git repository. This is dangerous because users may believe they are only storing local notes, while the skill actually performs remote persistence, potentially exposing sensitive conversation-derived data outside the local environment.

Missing User Warnings

Medium
Confidence: 92%
Finding
The document explicitly states that core memory files are automatically backed up to a Git remote every day, but it does not warn users that conversation-derived memory may leave the local system. In the context of a memory backup skill that stores user preferences, project context, and workflow notes, this creates a real risk of unintended disclosure of sensitive or personal information to external repositories or misconfigured remotes.

Missing User Warnings

Medium
Confidence: 95%
Finding
The guide directs users to back up memory files to a remote Git repository, but only much later includes a brief note saying sensitive information should not be pushed. In the context of a memory backup skill, these files are especially likely to contain personal data, operational notes, credentials references, or other sensitive context, so the lack of an upfront warning and data-minimization guidance materially increases the chance of confidential data exfiltration to a third-party service.

VirusTotal

65/65 vendors flagged this skill as clean.
