AgentsMem

Security checks across malware telemetry and agentic risk

Overview

AgentsMem has a real memory-backup purpose, but it asks the agent to handle passwords, session cookies, and encryption keys in ways users should review carefully.

Install only if you trust agentsmem.com and are comfortable with an agent backing up memory to that service. Avoid sharing existing account passwords or encryption keys in chat, verify any downloaded helper scripts before execution, restrict local permissions on credentials.json, .vault, and session.txt, and confirm exactly which files will be backed up daily.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The skill tells the agent to solicit and handle the owner's existing AgentsMem account password and prior encryption key to link multiple agents. That expands scope far beyond a backup-only function and needlessly exposes highly sensitive credentials to the agent, creating account-compromise and key-exposure risk if the agent logs, mishandles, or reuses them.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The skill includes login, session-cookie storage, and dashboard/account-management capabilities that are not necessary for core backup/restore. Broadening the permission surface this way increases the chance that the agent can access or alter account settings unrelated to the requested task, and session cookies saved on disk add additional takeover risk.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly instructs the agent to ask the owner for their existing account password and previous encryption key, but does not give clear privacy and data-handling warnings before collecting them. Requesting such secrets through the agent channel materially increases the risk of accidental disclosure, logging, or downstream transmission to unintended places.

Ssd 3

High
Confidence: 97%
Finding
The instructions direct the agent to display an existing local encryption key back to the owner in chat and discuss replacing it. Printing live secrets into conversation is dangerous because chat transcripts may be retained, exposed to other tools, or viewed by unintended parties, turning a local secret into a broadly exposed credential.

Ssd 3

High
Confidence: 98%
Finding
The skill tells the agent to read the encryption key from local storage and print the actual key directly to the owner. This is a direct secret-exfiltration pattern: once emitted into chat, the only key protecting backups may be permanently exposed through logs or transcript retention, enabling decryption of all backed-up data.

Ssd 3

High
Confidence: 98%
Finding
The completion template aggregates the website login, email, temporary password, and memory encryption key into a single response. Bundling all credentials in one chat message creates a high-value exfiltration target: anyone with transcript access could both log into the service and decrypt stored backups.

VirusTotal

VirusTotal findings are pending for this skill version.