ClawHub

Context Hawk

Security checks across malware telemetry and agentic risk

Overview

Context Hawk’s memory features match its stated purpose, but its documentation recommends running a mutable remote installer and its persistent auto-memory behavior deserves careful review.

Install only from a source you trust, preferably without the curl-to-bash installer. Treat Context Hawk’s memory store as sensitive: review what it captures, avoid saving secrets, clear unwanted memories, and use external provider API keys only when you intentionally want memories or prompts processed by that provider.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#
ASI04: Agentic Supply Chain Vulnerabilities
Medium
What this means

If followed, this install method could run unreviewed code on the user’s machine.

Why it was flagged

The recommended one-line install executes a remote script from a mutable GitHub branch, which may differ from the reviewed artifacts.

Skill content
bash <(curl -fsSL https://raw.githubusercontent.com/relunctance/context-hawk/master/install.sh)
Recommendation

Prefer a pinned package or review the installer locally before running it; avoid piping remote scripts directly into a shell.

#
ASI06: Memory and Context Poisoning
Medium
What this means

Sensitive or incorrect memories could be carried into future sessions and affect agent behavior.

Why it was flagged

The skill is designed to persist memories and automatically inject them into later LLM context.

Skill content
autoRecall:对话开始时自动检索相关记忆并注入上下文; autoCapture:对话结束时自动提取记忆存入 LanceDB
Recommendation

Keep the memory store scoped, review or delete stored memories periodically, and avoid storing secrets or untrusted instructions as memories.

#
ASI03: Identity and Privilege Abuse
Low
What this means

If enabled, provider keys may allow the skill to send prompts or memory text to external services under the user’s account.

Why it was flagged

Optional LLM provider credentials are documented for embeddings or memory extraction.

Skill content
os.environ["OPENAI_API_KEY"] = "sk-xxx" ... os.environ["MINIMAX_API_KEY"] = "sk-cp-xxx" ... base_url="https://api.minimaxi.com/anthropic"
Recommendation

Use provider API keys only when needed, keep them scoped and secret, and understand what memory content may be sent to each provider.