Anti-Amnesia Agent

Security checks across malware telemetry and agentic risk

Overview

This skill appears aimed at memory continuity, but it encourages broad automatic persistence of conversations and local state without enough limits or user control.

Install only if you intentionally want this agent to keep long-lived memory. Before enabling it, review where it writes memory files, avoid storing secrets or raw transcripts, and prefer an opt-in configuration with summaries, redaction, and a way to delete old memory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly instructs users to automatically save full conversations to persistent storage without any limits, consent guidance, redaction, or retention controls. That creates a real privacy and security risk because chats may contain secrets, credentials, personal data, or internal business context that become durable and easier to exfiltrate or misuse later.

Vague Triggers

Medium
Confidence: 89%
Finding
The file imposes unconditional wake-up behavior ('On Every Wake-Up — Mandatory') that triggers reads and possible file creation without defining when this skill should be active or scoped. In an agent environment, broad startup instructions can cause unintended data access, persistence, and side effects across unrelated tasks, increasing the chance of prompt-scope abuse or unnecessary exposure of sensitive state files.

Ssd 3

Medium
Confidence: 96%
Finding
Persisting full conversation history as a memory mechanism materially increases the attack surface by turning transient chat content into long-lived files. In the context of an agent system, this is especially risky because the stored logs may later be read by other tools, surfaced into prompts, or exposed through filesystem compromise, causing secondary leakage of sensitive content.

Ssd 3

Medium
Confidence: 97%
Finding
The protocol repeatedly directs the agent to 'write everything' and treat all important conversations as file material, which encourages indiscriminate retention of sensitive operational and conversational data. Because this skill's purpose is cross-session persistence, the surrounding context makes the issue more dangerous, not less: it normalizes broad collection and durable storage as a core workflow.

VirusTotal

66/66 vendors flagged this skill as clean.
