Claw Store 1.3.3

Security checks across malware telemetry and agentic risk

Overview

Claw Store appears to be a real encrypted memory tool, but it needs Review because it persists sensitive agent memory and performs risky first-run setup and secret display flows.

Install only if you intentionally want durable agent memory. Use a dedicated wallet, avoid storing secrets or regulated data, run dependency installation yourself in a controlled environment, and require the agent to ask before saving new memories. Treat any displayed encryption key or mnemonic as a high-value secret.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
if not _NODE_MODULES.exists():
    print("[jackal-memory] Installing Jackal dependencies (first run — takes ~30s)...",
          file=sys.stderr)
    r = subprocess.run(
        ["npm", "install", "--prefix", str(_SKILL_DIR)],
        capture_output=True, text=True,
    )
Confidence
88% confidence
Finding
r = subprocess.run( ["npm", "install", "--prefix", str(_SKILL_DIR)], capture_output=True, text=True, )

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill requires sensitive capabilities including environment access, local file read/write, network access, and shell execution, but these permissions are not explicitly declared in the manifest. This creates a transparency and governance gap: users and platforms cannot accurately evaluate the trust boundary before invocation, increasing the chance of unintended secret access or external data exfiltration through the helper scripts.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
Printing the wallet mnemonic in cleartext to stdout exposes the secret to terminal logs, shell history capture, orchestration logs, notebooks, or any supervising agent framework that records command output. Because the mnemonic controls the user's on-chain storage identity, disclosure can lead to full account compromise and loss of confidentiality or control.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
Rerunning walletgen reveals an already-stored mnemonic in cleartext without confirmation, turning a harmless status check into a credential disclosure event. In agent environments where outputs are often logged or forwarded, this greatly increases the chance of accidental secret exfiltration.

Session Persistence

Medium
Category
Rogue Agent
Content
## Behaviour guidelines

- Load your identity/memory blob on startup before doing any work
- Write locally during the session as normal
- Call save at session end or on significant state changes
- Use descriptive keys: `identity`, `session-2026-02-26`, `project-jackal`
- Never log or expose `JACKAL_MEMORY_API_KEY` in output
Confidence
90% confidence
Finding
Write locally during the session as normal - Call save at session end or on significant state changes - Use descriptive keys: `identity`, `session-2026-02-26`, `project-jackal` - Never log or expose `

VirusTotal

63/63 vendors flagged this skill as clean.
