Memory Ingest

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only memory ingestion skill whose storage behavior is disclosed and aligned with its purpose, but users should avoid saving sensitive raw content unless they intend persistent retention.

Install this only if you want pasted material saved into Basic Memory. Review the proposed notes before approval, redact secrets or regulated data first, and avoid optional web research for private meetings, emails, projects, or relationships.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The skill gives conflicting retention instructions: it says source content should be preserved verbatim, but the document workflow allows including only key sections. In a memory-ingest skill handling external documents, this inconsistency can cause unpredictable storage behavior and accidental over-retention or under-retention of sensitive content, weakening user expectations and privacy controls.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The document contains contradictory guidance about whether ingested content must be stored verbatim or may be selectively included. For a workflow that writes notes to persistent memory, contradictory instructions are dangerous because the agent may choose the most permissive interpretation and retain confidential data that should have been minimized.

Vague Triggers

Medium
Confidence: 81%
Finding
The trigger conditions are broad enough that the skill may activate on generic requests like processing notes or adding content to memory, even when the user may not intend full ingestion and persistence. In this context, unintended invocation increases the chance that sensitive pasted material is searched, transformed, or stored without a clear checkpoint.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill description invites ingestion of external transcripts, logs, documents, and emails but does not clearly warn that the content may be stored in memory, potentially verbatim. Because this skill is specifically designed for persistent knowledge capture, the missing privacy warning materially increases the risk of users submitting confidential or regulated information without informed consent.

Ssd 3

Medium
Confidence: 98%
Finding
Instructing the agent to preserve meeting transcripts and conversation logs verbatim creates a direct data-minimization problem. Such raw material often contains personal data, confidential business discussions, credentials, or sensitive context, and storing it wholesale in a retrievable memory system expands the blast radius of any later exposure or misuse.

Ssd 3

Medium
Confidence: 99%
Finding
The source-note workflow explicitly creates persistent notes containing full transcript content, which encourages long-term retention of user-supplied material that may be confidential, proprietary, or personal. In a memory system, this is especially risky because the data becomes durable, searchable, linkable to entities, and more likely to be surfaced in unrelated future contexts.

Ssd 3

Medium
Confidence: 98%
Finding
The guideline that the original text is the ground truth and should be preserved verbatim reinforces indiscriminate retention of whatever the user pasted. In this skill's context, that makes the issue more dangerous because the system is purpose-built to ingest unstructured external inputs, which are particularly likely to contain sensitive or third-party data that should not be permanently stored in full.

VirusTotal

65/65 vendors flagged this skill as clean.
