Memory (TencentDB)

Security checks across malware telemetry and agentic risk

Overview

This is a coherent memory plugin, but it stores and recalls sensitive conversation history by default and includes under-documented high-impact behaviors that users should review first.

Review this before installing in any environment with private or regulated conversations. Confirm who can trigger memory search, decide whether raw conversation search should be disabled or restricted, set a finite retention period, and use local-only model/storage settings if conversation content must not be sent to third-party services. Also inspect the published package contents for the postinstall patch script before allowing install-time scripts to run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 89%
Finding:
The README explicitly advertises automatic capture of conversations, long-term memory extraction, scene summarization, and persona generation, but does not present a clear user-facing consent, notice, or privacy boundary. In an agent plugin, this can lead operators to deploy persistent collection of sensitive user content and profiles without adequate disclosure or policy controls.

Missing User Warnings

Medium
Confidence: 91%
Finding:
The quick-start flow configures a remote model endpoint and API key, while the plugin processes captured conversations and persona data, but the README does not clearly warn that user content may be sent to external LLM services. This omission can cause unintentional external disclosure of sensitive conversation history during normal operation.

Missing User Warnings

Medium
Confidence: 92%
Finding:
The skill explicitly describes automatic capture of conversations, extraction of structured memory, and storage in local SQLite and a remote Tencent vector database, yet the documentation shown does not present a clear consent, retention, or data-sharing warning. This creates a real privacy and compliance risk because users may enable the skill without understanding that potentially sensitive chat content and persona data are being persisted and possibly transmitted to third-party infrastructure.

Ssd 3

Medium
Confidence: 88%
Finding:
The documented design stores raw conversations, extracted memories, scene blocks, and personas across multiple layers, increasing the amount and sensitivity of retained user data. Without strong minimization, access controls, and explicit privacy guidance, this creates a meaningful risk of over-retention and later disclosure through the agent or the filesystem/backend.

Ssd 3

Medium
Confidence: 90%
Finding:
The README describes agent-callable tools that can retrieve structured memories and raw conversation history, which creates a direct semantic path for an agent or prompt-injected workflow to surface prior user data. In a memory plugin, this materially raises the risk of sensitive data disclosure because the retrieval interface is intentionally exposed to model-controlled tool use.

VirusTotal

VirusTotal findings are pending for this skill version.