Context Topics

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local topic-memory plugin that saves project context and can optionally export compact local wiki pages.

Use this only if you want project conversations saved locally. Review topic manifests before loading them, avoid adding secrets or credential files, and disable wikiBridge if you do not want topic summaries and pointers copied into a Memory Wiki vault.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Intent-Code Divergence

Severity: Medium
Confidence: 90%
Finding
The file-level comment promises that sensitive-looking files will not have their absolute paths exposed, but the topic room output elsewhere includes manifest-provided paths such as memoryPath, decisionsPath, artifactsDir, and artifactIndexPath directly in the prompt bundle. If those are absolute paths, the agent receives local filesystem layout information that can aid later targeted reads or host reconnaissance.

Missing User Warnings

Severity: Medium
Confidence: 85%
Finding
The README documents automatic export of topic summaries into a Memory Wiki vault on close, capture, and refresh, but the warning about copied data is relatively understated and appears after describing the feature. In a plugin that manages durable conversation memory, users may not realize that project-derived content is being duplicated into another storage location, which can expand exposure, retention, and discoverability of sensitive information on shared or synced systems.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The bundler enumerates deferred files with absolute paths and instructs the agent to use the read tool on them. This exposes host filesystem locations to the model and creates a prompt path from manifest-controlled content to later tool use, increasing the chance of unintended data access if the manifest contains sensitive or overly broad file references.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The `/topic capture` flow persists current conversation content into local files and may later export that material to a wiki, but the user-facing command response does not clearly warn that sensitive chat content could be written to durable storage. In an agent context, conversations often contain secrets, internal URLs, credentials, or personal data, so silent persistence increases the risk of unintended disclosure.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
Manual `/topic wiki <name>` triggers a data export operation to an external wiki/vault location without a clear warning, preview, or confirmation of what content will be transmitted. Even if the destination is a local vault, this is still a cross-boundary persistence action that can expose sensitive summaries, decisions, and artifacts beyond the immediate session.

VirusTotal

62/62 vendors flagged this plugin as clean.