EdgeHDF5 Memory

Security checks across malware telemetry and agentic risk

Overview

This is a clearly disclosed local long-term memory skill, but users should handle saved memory files and exports as sensitive data.

Install only if you want an agent to keep local long-term memory. Avoid storing secrets, credentials, regulated data, or private conversations without consent. Protect the .h5, .wal, snapshot, export, and AGENTS.md files, and verify the edgehdf5-cli Cargo package before installing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium, 94% confidence

Finding: The skill explicitly instructs agents to persist conversation content to long-term memory and manage/export those files, but it provides no privacy warning or guidance on handling sensitive user data. In practice, this can lead operators or downstream agents to store secrets, personal data, or regulated information in durable files without consent, minimization, retention, or access controls.

Missing User Warnings

Medium, 95% confidence

Finding: Generating AGENTS.md from stored memory can surface previously saved conversation content into a human-readable artifact that is easy to commit, share, or publish accidentally. Without an explicit warning, users may unknowingly expose sensitive historical prompts, user details, or internal operational context through summary generation.

Missing User Warnings

Medium, 97% confidence

Finding: The export command is capable of dumping all stored memory entries, which may include complete conversation history, embeddings, metadata, and sensitive user information. Because the skill presents this as a routine operation without warning or safeguards, it increases the chance of bulk data exfiltration, accidental sharing, or insecure downstream handling.

VirusTotal

64/64 vendors flagged this skill as clean.