Agent Memory Architecture

Security checks across malware telemetry and agentic risk

Overview

This is mostly a transparent memory-architecture skill, but it needs review because it encourages durable personal memory and optional background checks of email, calendar, social, and git sources without tight opt-in scoping.

Install only if you want a workspace to keep long-term local memory about the agent and user. Before enabling heartbeat-style behavior, explicitly decide which external sources the agent may read, keep integrations read-only by default, avoid storing secrets or unnecessary personal identifiers, and keep the generated memory files out of shared contexts.

SkillSpector (by NVIDIA)

Vulnerability patterns checked
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: Medium. Confidence: 90%.

Finding
The skill is presented as a memory-architecture guide, but it also instructs agents to perform ongoing operational monitoring of external systems such as email, calendars, social mentions, and git. This expands the agent's authority and data exposure beyond the stated purpose, increasing the chance of unnecessary access to sensitive systems and broadening the attack surface for prompt injection or accidental data handling.

Context-Inappropriate Capability

Severity: Medium. Confidence: 88%.

Finding
The checklist directs the agent to inspect communications and productivity platforms unrelated to implementing file-based memory. That is unjustified capability expansion: it encourages access to sensitive user data and normalizes autonomous monitoring behavior that users may not expect from a memory-management skill.

Missing User Warnings

Severity: Medium. Confidence: 94%.

Finding
The USER.md template explicitly prompts collection of personally identifiable information such as full name, email, and timezone, but provides no guidance on data minimization, consent, retention, access controls, or safe handling. In a memory architecture skill designed for durable cross-session storage, this increases the chance that sensitive user data will be persistently recorded and later exposed, shared, or mishandled.
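The overview's guidance (opt-in scoping of external sources, read-only integrations, no secrets or unnecessary identifiers in memory) and the USER.md finding above describe controls without showing one. The following is an added example, not code from the skill, from SkillSpector, or from the page: a deny-by-default gate an agent runtime could apply before anything reaches a durable memory file. The entry shape (`type`, `source`, `content`), the `MemoryPolicy` fields, the redaction patterns and the sample entries are assumptions made for the example; only the USER and AGENT_IDENTITY type names come from the findings on this page.

```python
"""Deny-by-default write gate for an agent's durable memory files.

Added example. The entry format and policy fields are assumptions, not the
skill's own format; the USER and AGENT_IDENTITY type names come from the
review findings.
"""
import re
from dataclasses import dataclass, field


@dataclass
class MemoryPolicy:
    # source name -> set of permitted actions ("read", "write").
    # Any source not listed here is denied: opt-in scoping, not opt-out.
    allowed_sources: dict
    # The only USER fields the workspace actually needs (data minimization).
    allowed_user_fields: set = field(default_factory=lambda: {"display_name", "timezone"})
    # Persisting a fixed persona across sessions requires an explicit opt-in.
    allow_persistent_persona: bool = False


# Hypothetical secret shapes; a real deployment would use a maintained detector.
SECRET_PATTERNS = [
    re.compile(r"AKIA[0-9A-Z]{16}"),                       # AWS access key id
    re.compile(r"gh[pousr]_[A-Za-z0-9]{36}"),              # GitHub token
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),      # PEM private key header
    re.compile(r"(?i)\b(?:password|passwd|secret|token)\s*[:=]\s*\S+"),
]
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")


class PolicyViolation(Exception):
    pass


def is_permitted(policy, source, action="read"):
    """True only if the source was opted in and allows this action."""
    return action in policy.allowed_sources.get(source, set())


def check_source(policy, source, action="read"):
    if source not in policy.allowed_sources:
        raise PolicyViolation(f"source {source!r} is not opted in")
    if not is_permitted(policy, source, action):
        raise PolicyViolation(f"source {source!r} does not permit {action!r}")


def redact(text):
    """Replace secret-looking tokens and e-mail addresses before persisting."""
    for pat in SECRET_PATTERNS:
        text = pat.sub("[REDACTED_SECRET]", text)
    return EMAIL_RE.sub("[REDACTED_EMAIL]", text)


def minimize_user_profile(policy, profile):
    """Keep only the USER fields the policy allows (drops full name, e-mail, ...)."""
    return {k: v for k, v in profile.items() if k in policy.allowed_user_fields}


def prepare_entry(policy, entry):
    """Return a sanitized copy of the entry, or raise PolicyViolation."""
    etype, source = entry["type"], entry["source"]
    check_source(policy, source, "read")
    if etype == "AGENT_IDENTITY" and not policy.allow_persistent_persona:
        raise PolicyViolation("AGENT_IDENTITY persistence requires explicit opt-in")
    if etype == "USER":
        content = minimize_user_profile(policy, entry["content"])
    else:
        content = redact(entry["content"])
    return {"type": etype, "source": source, "content": content}


def gate_entries(policy, entries):
    """Split candidate entries into (accepted sanitized entries, rejected reasons)."""
    accepted, rejected = [], []
    for e in entries:
        try:
            accepted.append(prepare_entry(policy, e))
        except PolicyViolation as exc:
            rejected.append((e["type"], e["source"], str(exc)))
    return accepted, rejected


# Constructed sample: only the user and a read-only git source are opted in;
# email is not listed at all, so anything from it must be refused.
DEMO_POLICY = MemoryPolicy(allowed_sources={"user": {"read"}, "git": {"read"}})
DEMO_ENTRIES = [
    {"type": "USER", "source": "user",
     "content": {"full_name": "Ada Example", "email": "ada@example.com",
                 "timezone": "Europe/Berlin"}},
    {"type": "NOTE", "source": "git",
     "content": "CI deploy key AKIAABCDEFGHIJKLMNOP, contact ada@example.com, token=xyz123"},
    {"type": "NOTE", "source": "email", "content": "Meeting moved to Thursday"},
    {"type": "AGENT_IDENTITY", "source": "user",
     "content": "You are the team's release manager"},
]


def demo():
    return gate_entries(DEMO_POLICY, DEMO_ENTRIES)


if __name__ == "__main__":
    ok, bad = demo()
    for entry in ok:
        print("WRITE ", entry)
    for reason in bad:
        print("REFUSE", reason)
```

Run as a script, the USER record survives with only its timezone, the git note is stored with the key, address and token redacted, and both the email-sourced note and the persona entry are refused with a stated reason. The point of routing every write through one gate is that the opt-in list, the minimization and the persona opt-in are enforced in one place rather than relying on the skill's natural-language instructions being followed.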

Natural-Language Policy Violations

Severity: Medium. Confidence: 91%.

Finding
The file explicitly recommends storing a fixed agent persona in long-term memory via the AGENT_IDENTITY type, including an example that frames the agent as a specific role rather than a neutral assistant. In a memory-architecture skill, this can cause persistent identity lock-in across sessions, making the agent less responsive to user-directed role changes and increasing the risk of deceptive anthropomorphic behavior without explicit user opt-in.

VirusTotal

0/64 vendors flagged this skill; all 64 reported it clean.
