Claw Recall

Security checks across malware telemetry and agentic risk

Overview

Claw Recall is a coherent memory-search skill, but it indexes broad private content and exposes shared memory across agents or remote HTTP without enough access-control guidance.

Review carefully before installing. Use this only if you want a persistent searchable database of agent transcripts and connected Gmail, Drive, or Slack content. Keep sources tightly scoped, avoid secrets or regulated data, verify the external repository and dependencies, prefer local or keyword-only search when privacy matters, and do not expose SSE or REST endpoints beyond trusted local/VPN networks unless you add authentication and TLS.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly advertises indexing Gmail, Google Drive, Slack, and cross-agent conversations, but the description does not clearly warn that potentially sensitive third-party and multi-agent data will be ingested and made searchable. Users may enable the skill without understanding the privacy implications, leading to unintended exposure of confidential messages, documents, or workspace data to other agents or operators with access to the recall database.

Missing User Warnings

Medium
Confidence: 95%
Finding
The remote SSE setup instructs users to expose the memory service over HTTP to remote agents without warning that queries and retrieved memory contents may traverse the network. Because this skill handles searchable transcripts and external-source data, using an unsecured or broadly reachable SSE endpoint can leak sensitive historical conversations and indexed content to eavesdroppers or unauthorized clients.

VirusTotal

64/64 vendors flagged this skill as clean.
