Memory

Security checks across malware telemetry and agentic risk

Overview

This memory skill is coherent and not malicious, but it asks the agent to persist broad session and people-related information without clear privacy controls.

Install only if you intentionally want durable local memory files written into the workspace. Avoid using it for credentials, private personal information, confidential business data, health, legal, or financial matters unless you add explicit consent, redaction, .gitignore, retention, and deletion controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Ssd 3

Severity: Medium
Confidence: 95%
Finding
The skill explicitly instructs the agent to treat files as persistent memory and to 'write everything down,' creating a broad mandate to store user-provided content across sessions. This is dangerous because it can capture sensitive data, credentials, personal information, or confidential project details without consent, minimization, or retention controls, turning ordinary interactions into long-term data collection.

Ssd 3

Severity: Medium
Confidence: 97%
Finding
The daily log format directs comprehensive, append-only recording of sessions, tasks, notes, and open loops without any sensitivity screening. Append-only long-term logs increase the blast radius of accidental collection because sensitive content cannot be corrected or removed easily, and later compaction/promotions may further spread that data into other files.

Ssd 3

Severity: Medium
Confidence: 96%
Finding
The rule 'If it matters enough to say, it matters enough to log' is an overbroad retention policy that encourages preserving nearly any user input deemed relevant, regardless of sensitivity. In a memory skill whose purpose is cross-session persistence, this context makes the issue more dangerous because the instruction is central to the design and likely to be followed repeatedly and automatically.

VirusTotal

65/65 vendors flagged this skill as clean.
