ClawHub

Synapse Layer Skill for Hermes Agent

Security checks across malware telemetry and agentic risk

Overview

This is a real memory-integration skill, but it needs Review because it directs broad persistent storage of credentials, tokens, infrastructure details, and cross-channel conversation memory with insufficient boundaries.

Install only if you are comfortable using Synapse Layer as a remote, persistent, cross-channel memory store. Configure the agent not to save secrets, API keys, tokens, credentials, regulated personal data, or sensitive infrastructure details, and prefer a dedicated secret manager for credentials. Static scan was clean and VirusTotal was pending; this Review verdict is based on the artifact instructions themselves.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The skill claims 'no plaintext leaves the agent' and that API keys are redacted, yet it explicitly instructs sending memory content and JSON-RPC payloads to a remote HTTPS service. In a memory-layer skill, this contradiction is dangerous because users and operators may rely on inaccurate security guarantees while transmitting sensitive data off-host.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The skill instructs the agent to store API credentials, tokens, and endpoints in persistent cross-session memory. Persisting secrets in a generalized memory system materially increases the blast radius of compromise, accidental recall, cross-channel leakage, and unauthorized reuse.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The document says API keys are auto-redacted, but elsewhere directs storing and transmitting the Synapse token and other credentials. This creates a false sense of safety and can cause operators to intentionally submit secrets under the mistaken belief that redaction will reliably protect them.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README promotes encrypted cross-session and cross-channel memory sharing, but it does not clearly warn users that their data is transmitted to and stored by a remote third-party service. Even with claims of encryption and redaction, users may unknowingly send sensitive content off-device, creating privacy, compliance, and consent risks.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill promotes persistence of highly sensitive data such as API credentials and tokens without a prominent user warning or meaningful consent flow. In a cross-session memory product, that omission makes inadvertent secret exfiltration and long-term retention substantially more likely.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill advertises automatic recall and persistence across Telegram, WhatsApp, CLI, and Discord without a prominent warning that data may be shared across channels and sessions. This can cause privacy violations and context leakage when users assume platform separation.

Ssd 3

High
Confidence
99% confidence
Finding
The skill directs persistent storage of infrastructure details, endpoints, access credentials, tokens, and operational metadata in a shared memory layer. That aggregation of sensitive operational data enables privilege escalation, targeted attacks, and broad compromise if the memory system or its retrieval path is exposed.

Ssd 3

High
Confidence
98% confidence
Finding
The examples instruct automatic saving of free-form text that includes sensitive information such as token location and other durable facts, increasing the chance that secrets or confidential environment details are ingested and later recalled. Automatic persistence of broad conversation content is especially risky in a cross-session, cross-channel memory service.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal