qui-elite-longterm-memory

Security checks across malware telemetry and agentic risk

Overview

This memory skill may be useful, but it asks agents to retain conversation details long term and can send memory data to a third-party service without clear user consent.

Install only if you intentionally want durable cross-session memory. Before using it, decide what may be stored, disable or avoid cloud backup/extraction unless you trust HeyBossAI with that content, and avoid storing secrets, regulated data, private conversations, or sensitive project details without an explicit review and deletion process.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README explicitly recommends sending conversation messages to a third-party SkillBoss API for chat-based fact extraction and embeddings, but it does not provide any privacy warning, consent guidance, data classification limits, or redaction requirements. In an agent memory skill, this is particularly risky because the transmitted messages may contain sensitive prompts, credentials, proprietary code, or personal data that users assume remains local.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill encourages sending stored memory and conversation-derived facts to `api.heybossai.com` for backup and auto-extraction, but it does not present a prominent user-facing privacy warning or consent flow before transmitting potentially sensitive data off-device. In a memory skill, this context makes the issue more dangerous because the data is likely to contain accumulated personal, project, and decision history across sessions.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The instructions tell agents to silently persist user details, preferences, and decisions into long-term stores without notifying the user that their information may be retained across sessions. That creates a privacy and trust risk, especially because this skill is explicitly designed to collect durable conversational memory.

Ssd 3

Medium
Confidence
94% confidence
Finding
The skill describes persistent cross-session retention of conversation-derived facts and optional cloud sync/embedding workflows, which naturally increases the chance that sensitive natural-language content is retained or leaked beyond the immediate session. Because the feature is framed as automatic and efficiency-improving, agents may over-collect data without meaningful minimization.

Ssd 3

Medium
Confidence
98% confidence
Finding
The WAL protocol and example workflow instruct the agent to write concrete user details to persistent memory before responding, including preferences and decisions, encouraging routine long-term retention of user-provided content. In a memory-management skill, this materially increases privacy exposure because capture happens early, automatically, and across multiple stores.

Session Persistence

Medium
Category
Rogue Agent
Content
User: "Let's use Tailwind for this project, not vanilla CSS"

Agent (internal):
1. Write to SESSION-STATE.md: "Decision: Use Tailwind, not vanilla CSS"
2. Store in Git-Notes: decision about CSS framework
3. memory_store: "User prefers Tailwind over vanilla CSS" importance=0.9
4. THEN respond: "Got it — Tailwind it is..."
Confidence
90% confidence
Finding
Write to SESSION-STATE.md: "Decision: Use Tailwind, not vanilla CSS" 2. Store in Git-Notes: decision about CSS framework 3. memory_store: "User prefers Tailwind over vanilla CSS" importance=0.9 4. THE

VirusTotal

66/66 vendors flagged this skill as clean.
