Big Memory

Security checks across malware telemetry and agentic risk

Overview

Big Memory is a coherent local memory-snapshot skill, with privacy risks from durable task context but no evidence of hidden, destructive, or exfiltrating behavior.

Install only if you want local durable task snapshots. Review memory files periodically, prefer explicit /big-memory commands for control, do not store secrets or personal data in snapshots, and be cautious before enabling session transcript indexing or cloud embedding search.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Medium
Confidence: 92%
Finding
The skill advertises broad natural-language activation phrases such as "save snapshot" and "checkpoint" without clear scoping to an explicit command namespace. In normal conversation these phrases can appear incidentally, causing unintended memory writes or state-capture behavior that the user did not mean to invoke.

Vague Triggers

Medium
Confidence: 95%
Finding
The user-trigger section repeats ambiguous invocation phrases ("save snapshot", "checkpoint", "big-memory save") and treats them as sufficient to execute persistence actions immediately. This increases the chance of accidental triggering through ordinary dialogue, quoted text, documentation, or adversarial prompt content embedded in other materials.

Missing User Warnings

Medium
Confidence: 95%
Finding
The template explicitly asks for "exact key names and values" and gives examples like environment variable names, config keys, error messages, and other exact values, but it provides no guardrails against including secrets such as API keys, tokens, credentials, or other sensitive runtime data. In a memory/snapshot skill whose purpose is to preserve context across compaction, this increases the chance that sensitive data will be copied into durable conversational context and later resurfaced, retained longer than necessary, or exposed to downstream tools and users.

Missing User Warnings

Medium
Confidence: 95%
Finding
The document recommends enabling indexing of conversation transcripts via experimental session memory, but it does not clearly warn that prior user prompts may contain secrets, personal data, or other sensitive content that could later be surfaced through recall. In a memory-oriented skill, this increases the chance of unintended retention and re-exposure of sensitive conversational data across turns or sessions.

Ssd 3

Medium
Confidence: 97%
Finding
The snapshot schema explicitly asks the agent to preserve exact code, identifiers, paths, env vars, API endpoints, table names, and errors, and says not to omit fields. Without a sensitivity filter, this can capture secrets, credentials, personal data, proprietary code, or security-relevant internals into long-lived memory, expanding exposure beyond the original context.

Ssd 3

Medium
Confidence: 96%
Finding
The recovery flow instructs the agent to display recovered state back to the user, including files, next steps, and potentially content derived from stored snapshots. If snapshots contain sensitive details, this creates a second-stage disclosure path where old secrets or confidential implementation details may be re-exposed automatically in later sessions.

Ssd 3

Medium
Confidence: 97%
Finding
The recommended compaction prompt instructs the agent to persist highly specific task details, including file paths, variable names, code snippets, and key names/values, into memory files. That broad retention scope can capture credentials, secrets, internal code, or sensitive business context and make it retrievable later, creating a persistent data exposure risk rather than a transient context-only risk.

Ssd 3

Medium
Confidence: 96%
Finding
Indexing past conversation transcripts makes prior user-provided content searchable and retrievable beyond its original context. Because conversations frequently contain sensitive instructions, credentials, debugging output, or personal information, enabling this feature can expose historical content during later recalls or to tools operating over memory search.

VirusTotal

66/66 vendors flagged this skill as clean.
