Session Sync

Security checks across malware telemetry and agentic risk

Overview

This skill openly provides cross-session memory sharing, but it grants broad persistent access to conversation history and state across channels without clear per-session consent or containment.

Install only if you intentionally want the agent to share memory across sessions and channels. Avoid it for sensitive work unless you are comfortable with conversation details, task state, decisions, channel names, and session identifiers being written to shared persistent files and reused in later sessions. Review or restrict the memory directory and prefer explicit user confirmation before syncing, consolidating, or archiving logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill instructs automatic archival of stored logs on session startup and via a cleanup script, but provides no explicit user confirmation, preview, or safety guard before modifying persisted data. In an agent context, automatic file-moving operations can surprise users, break auditability, or cause unintended retention changes and data loss if the archive process is wrong or overly broad.

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger phrase "更新状态" is common conversational language and may be activated during ordinary dialogue rather than as an intentional command. Because this command writes shared persistent state, accidental invocation could cause unintended data persistence, overwrite session state, or record sensitive content without clear user intent.

Vague Triggers

Low
Confidence: 83%
Finding
The phrase "整理记忆" is ambiguous and lacks strong invocation boundaries, so it may be interpreted from normal discussion rather than an explicit tool command. Since this action can promote logged content into long-term memory, accidental activation could preserve sensitive or low-quality information beyond the user's expectations.

Ssd 3

High
Confidence: 97%
Finding
The skill explicitly directs the agent to read and reuse context from other active sessions and shared memory files across channels. This creates a real cross-session data leakage risk: sensitive content from one conversation may be exposed in another channel or session without user awareness, violating context separation and least-privilege expectations.

Ssd 3

High
Confidence: 98%
Finding
The skill mandates logging broad categories such as new information, important decisions, task starts/completions, and topic changes into persistent files. This creates excessive retention of potentially sensitive user content and metadata, increasing the blast radius of compromise and making unintended disclosure across sessions much more likely.

Ssd 3

Medium
Confidence: 95%
Finding
The session-state template stores channel names, session keys, task status, decisions, and follow-up items in a shared persistent file. Even if meant for operational continuity, this centralizes identifiable metadata and workflow details that can reveal user activity across channels and enable correlation of separate sessions.

VirusTotal

64/64 vendors flagged this skill as clean.
