ClawHub

Continuity Framework

Security checks across malware telemetry and agentic risk

Overview

This is a local continuity/memory helper that intentionally stores reflection questions and identity notes on disk, with no evidence of hidden exfiltration or destructive behavior.

Install only if you want a local, persistent memory layer. Review the configured memory directory, avoid using it for conversations you do not want retained, and enable heartbeat reflection only if background post-session processing is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (7)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill promotes extracting and integrating structured memories, updating self-models, and surfacing future questions, but it does not warn users that prior conversation content will be retained and written into local memory files. This is dangerous because it can silently store sensitive personal, relationship, or project information in persistent artifacts that outlive the original session and may later be reused or exposed.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The heartbeat integration documents automatic post-session reflection after idle time, with outputs that update memories and generate questions, but it does not clearly warn that this process runs asynchronously on prior conversations and writes derived data without an active user interaction. That makes the behavior more dangerous because users may reasonably believe the session is over while the system continues processing and persisting potentially sensitive inferences in the background.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill persists reflection output derived from session transcripts to local storage without an explicit consent, disclosure, retention policy, or minimization control. In the context of a continuity/memory skill, users may share sensitive personal, relationship, or operational information that is then retained across sessions and exposed to other local users, backups, or later processing.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Conversation-derived questions are written to persistent markdown storage without warning the user that their content will be retained. Because these questions may encode personal context or sensitive discussion topics, persistence increases privacy risk and can unintentionally surface prior sensitive content later.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The identity file stores profile-style data including values, capabilities, and relationships, which is especially sensitive because it creates a durable personal dossier. In a continuity skill specifically designed to accumulate cross-session context, undisclosed local persistence of relationship and identity information materially increases privacy and profiling risk.

Ssd 3

Medium
Confidence
82% confidence
Finding
The design explicitly aims to retain and reuse user-provided conversation content across sessions. In a memory/continuity skill, that behavior is core functionality, but it still creates a real privacy and data-governance risk if retention is enabled by default without strong consent, scoping, and deletion controls.

Ssd 3

Medium
Confidence
90% confidence
Finding
The greeting flow intentionally resurfaces stored prior-conversation material in later sessions, which can reveal sensitive past content to anyone with access to the interface or terminal. In a continuity skill this is expected behavior, but it becomes dangerous without consent, contextual sensitivity checks, and controls over what kinds of content may be resurfaced.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal