
Security audit

memddc

Security checks across malware telemetry and agentic risk

Overview

MemDDC is a coherent documentation skill, but it broadly scans, analyzes, writes, and stores project knowledge with weak consent and secret-handling boundaries.

Install only for repositories where it is acceptable for an agent to read code, configs, commit history, IDE metadata, and user documents. Do not provide live database credentials; use redacted schema or DDL exports instead. Review .memddc contents before committing or sharing, and require explicit approval before scans, AI submission, or file updates.
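The review step the Overview asks for, as an added example that is not part of MemDDC or of this audit: a Python check that walks a .memddc directory for credential-shaped strings before it is committed or shared, and strips the password from a database DSN so only a redacted connection target remains. It also serves the finding below on database connection information. The snapshot layout, the vcs/git-log.txt file name and the planted secrets are constructed for the demonstration (mem-snapshot.json is the only name taken from the findings).

```python
"""Pre-commit style check for .memddc artifacts.

Constructed example (not part of MemDDC): builds a throwaway .memddc tree
with a snapshot and a raw VCS log, then scans every file for secret-shaped
strings. The file layout is an assumption standing in for whatever the
skill actually writes.
"""
import json
import re
import tempfile
from pathlib import Path
from urllib.parse import urlsplit, urlunsplit

# Patterns a reviewer would want flagged in a documentation snapshot.
PATTERNS = {
    "db_dsn_with_password": re.compile(
        r"\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?|redis)://[^\s/:@]+:[^\s@]+@", re.I),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "generic_secret_assignment": re.compile(
        r"(?i)\b(password|passwd|secret|api[_-]?key|token)\b\s*[:=]\s*['\"]?[^\s'\"]{8,}"),
    # Lookbehind keeps this from firing on the userinfo part of a DSN.
    "email_address": re.compile(
        r"(?<![\w.:/-])[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
}


def redact_dsn(dsn: str) -> str:
    """Strip the password from a URL-style DSN so only user, host and db survive."""
    parts = urlsplit(dsn)
    if not parts.password:
        return dsn
    host = parts.hostname or ""
    if parts.port:
        host += f":{parts.port}"
    netloc = f"{parts.username}:***@{host}" if parts.username else host
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))


def scan_memddc(root: Path) -> list[dict]:
    """Walk a .memddc directory and report every secret-shaped match, line by line."""
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            for name, rx in PATTERNS.items():
                for m in rx.finditer(line):
                    findings.append({"file": str(path.relative_to(root)),
                                     "line": lineno, "kind": name, "match": m.group(0)})
    return findings


def build_sample_memddc(base: Path) -> Path:
    """Construct a throwaway .memddc tree with deliberately planted secrets."""
    root = base / ".memddc"
    (root / "vcs").mkdir(parents=True)
    snapshot = {  # constructed; field names are assumptions
        "project": "orders-service",
        "entities": {"Order": "orders-api", "Customer": "crm-adapter"},
        "database": {"dsn": "postgres://app:s3cret-pw@db.internal:5432/orders"},
        "file_index": ["src/api/orders.py", "config/prod.env"],
    }
    (root / "mem-snapshot.json").write_text(json.dumps(snapshot, indent=2))
    (root / "vcs" / "git-log.txt").write_text(  # constructed raw VCS log
        "a1b2c3d Jane Doe <jane.doe@example.com> add payment client\n"
        "d4e5f6a Jane Doe <jane.doe@example.com> hotfix: API_KEY=sk_live_0123456789abcdef\n")
    return root


def check_sample() -> list[dict]:
    """Build the constructed tree in a temp dir, scan it and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_memddc(build_sample_memddc(Path(tmp)))


if __name__ == "__main__":
    for f in check_sample():
        print(f"{f['file']}:{f['line']} {f['kind']}: {f['match']}")
    print("redacted:", redact_dsn("postgres://app:s3cret-pw@db.internal:5432/orders"))
```

Run it against the real .memddc directory as a pre-commit hook and fail the commit when scan_memddc returns anything; the redacted DSN is what to hand the skill instead of a live connection string, alongside a schema-only DDL export.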

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (11)

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The README advertises automatic full-project scanning and Git commit-pattern analysis, but provides no warning that these operations may ingest sensitive source code, secrets, internal architecture, or developer-identifying metadata. In the context of an AI skill that builds persistent project snapshots and analyzes VCS history, this omission can lead users to expose confidential information without informed consent or appropriate handling controls.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The documented mem-snapshot.json structure and generated .memddc artifacts clearly aggregate project metadata, file paths, entity-to-service mappings, architectural patterns, and other high-value internal context, yet the README does not warn that these files may themselves become sensitive assets. If stored insecurely, committed to source control, or shared externally, they can significantly aid reconnaissance and leak proprietary system design.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The README explicitly advertises automatic full-codebase scanning, Git/VCS analysis, and creation of project artifacts such as mem-snapshot.json and generated docs, but it does not warn users that repository contents and history will be analyzed and new files will be written into the workspace. In an agent-skill context, this can lead to unexpected access to sensitive source code or metadata and silent persistence of derived artifacts, which increases privacy, confidentiality, and change-management risk.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding
The trigger list includes broad natural-language phrases such as 'Load memory constraints for modification' and 'Iterate according to DDD contract', which could be matched during ordinary conversation rather than deliberate activation. In an agent environment, ambiguous triggers can cause unintended invocation of scanning or modification workflows, especially because this skill is designed to analyze repositories and update documentation artifacts.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The skill explicitly describes sending VCS logs, file structure, and user-provided documents to an AI for analysis, but it does not require consent, minimization, redaction, or a clear warning about possible exposure of secrets, internal paths, credentials, business data, or personal information. In a team/project context, these sources commonly contain sensitive material, so transmitting them externally without safeguards creates a real confidentiality risk.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding
The trigger conditions are broad enough to activate on routine code, structure, and config changes, which can cause the skill to run unexpectedly and perform scanning or file writes without a clearly intentional user action each time. In this skill's context, that is risky because the capability includes deep repository inspection, document regeneration, and synchronization into a shared .memddc directory.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The description understates the operational impact of the skill: it performs full project scanning, analyzes source/configuration/artifacts, and writes multiple documents and memory files back into the repository. Without prominent warnings and consent language, users may invoke it without understanding that it can inspect broad codebases and persist derived data, increasing the chance of unintentional disclosure or disruptive modifications.

Missing User Warnings

Severity: High
Confidence: 97%
Finding
The skill explicitly invites users to provide existing database connection information so it can reverse-engineer a database, but it gives no warning against sharing credentials, production endpoints, or other secrets. In a documentation/memory skill that also stores snapshots and logs, this creates a strong risk that sensitive database access details will be exposed, retained, or propagated into project artifacts.

Ssd 3

Severity: Medium
Confidence: 94%
Finding
The workflow instructs the agent to ingest project history, user documents, and structural analysis results, then persist them into shared memory artifacts such as .memddc files and snapshots. This creates durable natural-language retention of potentially sensitive internal knowledge, which can later be exposed to other users, commits, branches, or downstream AI interactions beyond the original need.

Ssd 3

Severity: Medium
Confidence: 95%
Finding
The active request flow solicits broad project artifacts including database structures, API documents, code samples, business requirements, architecture documents, third-party integration docs, and security requirements. This natural-language collection channel can easily induce users to paste proprietary or sensitive material into the skill, especially because the surrounding design also emphasizes retention, compression, and synchronization of gathered context.

Ssd 3

Severity: Medium
Confidence: 94%
Finding
The memory snapshot design directs the skill to retain structured metadata, file indexes, VCS summaries, architecture analyses, code style patterns, business constraints, and relationship mappings, while the directory structure also includes raw VCS logs and file trees. In this context, centralized retention in a team-shared directory materially increases exposure of sensitive repository structure, internal business logic, and potentially secret-bearing history beyond what is necessary for documentation assistance.

VirusTotal

64/64 vendors flagged this skill as clean.