MemOS Dreaming

Security checks across malware telemetry and agentic risk

Overview

This skill is a mostly coherent local memory-consolidation tool, but it can automatically rewrite and delete persistent memory content with weaker user controls than the risk warrants.

Install only if you want automated local memory consolidation. Run both scripts without --apply first, inspect DREAMS.md and AUDIT.md, and verify any cron jobs before enabling them. Be especially cautious with memos_dreaming_audit.py --apply because it can delete orphan memory entries, not just obvious noise; keep MEMORY.md under backup or version control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

High
Confidence: 98%
Finding
The auto-clean function claims to remove only high-confidence noise, but it also deletes orphan entries unconditionally. In a memory-management skill, this can silently remove legitimate user data based on structure alone, creating integrity and availability risk because valid notes may be erased during routine maintenance.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly documents scheduled cron jobs that write to MEMORY.md, overwrite DREAMS.md, and may auto-clean content during audit apply mode, but it does not present a clear safety warning about these autonomous file modifications. In an agent environment, undocumented automatic writes and overwrites increase the risk of unintended data loss, confusing state changes, and silent persistence of derived content, especially because the jobs run unattended on a schedule.

Missing User Warnings

Medium
Confidence: 90%
Finding
The script automatically writes consolidated content from MemOS and daily memory logs into DREAMS.md, which may contain sensitive personal or operational information, without any explicit consent gate, warning, or content redaction. In this context, the skill processes memory data from local workspace files and a SQLite database, so silent persistence of extracted summaries increases the risk of unintended disclosure to other tools, users, or sync processes.

Missing User Warnings

Medium
Confidence: 93%
Finding
When run with --apply, the script writes changes to MEMORY.md immediately after analysis without an interactive confirmation step or dry-run approval. In this skill context, the file appears to be a persistent user memory store, so unintended invocation or misclassification can lead to destructive state changes that are hard to notice until after data is lost.

VirusTotal

64/64 vendors flagged this skill as clean.
