Agent Memory Architecture

Security checks across malware telemetry and agentic risk

Overview

This is a file-based memory skill that behaves as advertised, but users should treat its memory files as sensitive persistent records.

Install only if you want a persistent memory layer. Do not store API keys, passwords, tokens, recovery codes, or highly precise secret locations in these files; keep only minimal references, restrict workspace permissions, and periodically review or delete old memory entries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The skill explicitly directs agents to persist sensitive information such as operator preferences, infrastructure details, and personal reflections to local files, but it does not provide a prominent user-facing warning, consent model, retention policy, or data minimization guidance. In this context, the architecture is specifically designed to increase cross-session persistence, which raises the likelihood of privacy leakage, over-collection, and unintended disclosure if those files are later loaded in other contexts or exposed through the workspace.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The template explicitly prompts agents to record 'credentials locations' along with account and infrastructure details, but provides no warning to avoid secrets or to minimize sensitive data retention. In a long-term memory skill, this creates a durable aggregation point for high-value operational metadata that could enable credential discovery, account takeover, or broader system compromise if the memory store is exposed or misused.

VirusTotal

All 64 of 64 vendors reported this skill as clean.