ClawHub

Memory Reflect

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill openly maintains long-term memory from recent notes, with no executable code, installers, network use, or credential handling.

Install this only if you want an agent to review recent notes or conversations and maintain long-term memory for you. Enable cron or heartbeat runs intentionally, keep backups or review diffs for MEMORY.md, and avoid storing highly sensitive material in notes that could be consolidated.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The frontmatter description says the skill should run when triggered by cron, heartbeat, or an explicit request, but it does not define clear guardrails for who may invoke it or under what preconditions. Because the skill reads recent notes and writes to persistent memory files, vague activation criteria can cause unintended background execution and unreviewed modification of long-term memory.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The on-demand trigger 'User asks to reflect, consolidate, or review recent memory' is broad and semantically fuzzy, so ordinary conversation about memory could unintentionally activate a workflow that reads and rewrites memory artifacts. In this context, unintended activation is risky because the skill performs durable state changes rather than merely answering a question.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The guidelines direct the agent to update MEMORY.md and append to daily notes, but they do not prominently warn that the skill modifies persistent user data and may restructure or remove outdated entries. Without a user-visible warning or confirmation model, the skill can surprise users with durable edits, including changes that are hard to audit or reverse.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal