Shared Brain

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it broadly installs persistent shared memory that can influence every agent in a workspace, so users should review it before installing.

Install only if you intentionally want workspace-wide persistent memory shared by all agents. Run `sb-install.sh --dry-run` first, commit or back up AGENTS.md, HEARTBEAT.md, and memory files, restrict who can write to the queue, and do not store secrets or untrusted user/webhook content in the shared brain.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 91%
Finding
The document instructs adding an automatic heartbeat step that runs `sb-curate.sh`, which merges queued data into persistent shared memory and may archive files when size thresholds are exceeded. Because this is a recurring background-like maintenance action that mutates and rotates state without an explicit warning, confirmation step, or rollback guidance in the integration block, it creates a real integrity risk: agents or operators may unknowingly overwrite, propagate, or archive incorrect data across a multi-agent environment.

Ssd 3

Medium
Confidence: 95%
Finding
The script injects instructions into every agent so they automatically read a shared plain-text memory file at startup, creating a trust and propagation channel across all agents. If that shared file is poisoned by a compromised agent, prompt injection, or incorrect data, the contamination is amplified to the whole multi-agent environment and can affect future agent behavior persistently.

Ssd 3

Medium
Confidence: 94%
Finding
By appending a heartbeat curation workflow that merges queued information into a canonical shared brain, the script establishes an automated republishing pipeline for accumulated agent- or user-supplied content. This increases persistence and blast radius: malicious or stale entries can be normalized into shared ground truth and redistributed repeatedly to all agents.

VirusTotal

66/66 vendors flagged this skill as clean.
