Continuity Framework

Security checks across malware telemetry and agentic risk

Overview

This skill intentionally creates local long-term memory notes for continuity, and the reviewed artifacts do not show hidden network access, credential use, destructive behavior, or deception.

Install only if you want local long-term memory for agent continuity. Review the memory directory regularly, avoid processing transcripts containing secrets or sensitive information you do not want retained, and delete or edit stored questions, identity notes, and reflections when they become unwanted or inaccurate.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 86%
Finding:
The skill documentation indicates use of environment variables and persistent file writes, but no permissions are declared. That creates a transparency and governance gap: operators may enable a skill that can store conversation-derived data locally or act on environment configuration without an explicit permission boundary. In a memory-oriented skill, undeclared write capability is particularly sensitive because it can persist user-derived information across sessions.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 80%
Finding:
The documented behavior goes beyond the stated purpose by maintaining identity files, reporting on local memory state, and potentially supporting interactive/manual input paths not captured in the description. When a skill handles reflective memory and identity modeling, undocumented behaviors reduce informed consent and make it harder to assess what data is being created, retained, or surfaced. This is primarily a trust and scope-control issue rather than direct exploitation, but it can conceal privacy-relevant processing.

Missing User Warnings

Medium
Confidence: 93%
Finding:
The skill is explicitly designed to analyze conversations, extract memories, and resurface questions later, yet it provides no warning that sensitive or personal information may be stored and reused. Because the stored material can include preferences, relationships, commitments, and identity narratives, this creates a meaningful privacy risk: sensitive inferences may persist beyond the original context and be surfaced unexpectedly in later sessions.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The file structure documents long-term storage for identity, relationship, and reflection data, which are highly sensitive categories, but offers no warning or safeguards around their persistence. This is dangerous because such files can accumulate rich behavioral and personal profiles over time, increasing harm from unauthorized access, over-retention, or accidental resurfacing of intimate or inferred information.

Missing User Warnings

Medium
Confidence: 94%
Finding:
The reflect command reads a full session transcript and persists derived analysis to disk in reflection artifacts, but the workflow does not clearly warn the user that potentially sensitive conversation content may be stored locally and retained over time. In a memory/continuity skill, transcripts can contain credentials, personal data, or confidential project details, so silent persistence materially increases privacy and data-exposure risk.

Ssd 3

Medium
Confidence: 88%
Finding:
The skill instructs the agent to persist and resurface user-derived information across sessions, which creates a cross-session data handling risk even if the goal is benign continuity. The context makes this more dangerous, not less, because the entire purpose is longitudinal memory integration and question resurfacing; without strict boundaries, the skill can normalize retention of information users did not expect to persist.

Ssd 3

Medium
Confidence: 90%
Finding:
The instructions to analyze conversations, extract structured memories, and save questions for later reuse establish intentional cross-session profiling behavior. Even if framed as reflective assistance, the extraction of inferred relationship dynamics, commitments, and self-model updates can produce inaccurate or overly intimate records that later influence interactions in ways the user did not authorize.

VirusTotal

66/66 vendors flagged this skill as clean.
