Session Sync

Security checks across malware telemetry and agentic risk

Overview

This skill is meant to keep chat sessions in sync, but it gives the agent broad automatic access to conversation history and persistent memory files without enough user control.

Install only if you are comfortable with the agent reading recent history from other sessions and writing shared long-term memory files. Before using it with sensitive work, add clear opt-in commands, review/confirmation before writes and cleanup, and rules that prevent secrets, personal data, or channel-specific confidential information from being copied into shared memory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger phrase "同步记忆" ("sync memory") is broad and likely to appear in normal conversation, which can cause the skill to activate unintentionally. Because this skill reads session history and memory files, accidental activation could expose or propagate sensitive context across channels without the user intending to invoke synchronization.

Vague Triggers

Medium
Confidence: 91%
Finding
The phrase "更新状态" ("update status") is ambiguous and could be interpreted as a routine conversational request rather than a command to modify persistent shared state. Unintended execution may overwrite SESSION-STATE.md with inaccurate or sensitive information, affecting other sessions that rely on that file.

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger "整理记忆" ("organize memory") is not specific enough to reliably signal informed user intent for long-term memory consolidation. Since the skill encourages moving content into MEMORY.md without sensitivity filtering, accidental invocation can cause unnecessary retention of private or irrelevant conversation data.

Vague Triggers

Medium
Confidence: 94%
Finding
The phrase "清理日志" ("clean up logs") is vague and may be triggered during ordinary discussion, but it initiates a filesystem-modifying retention action. Accidental execution can archive active or needed logs, reducing availability of context and potentially causing loss of visibility if users are not clearly warned.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill directs automatic archival of memory logs and references a cleanup script without a clear, prominent warning that user data files will be moved as part of routine operation. Silent modification of persistent files is risky because users may not realize retention policies are being applied, and active context may become harder to locate or recover.

Ssd 3

Medium
Confidence: 97%
Finding
The instructions require broad logging of task activity, decisions, and new information across sessions and channels, then direct the agent to read other sessions’ histories to reconstruct context. In a multi-channel environment, this creates a substantial risk of leaking sensitive information from one conversation context into another, especially because there are no rules for consent, minimization, channel separation, or secret handling.

Ssd 3

Medium
Confidence: 95%
Finding
The guidance to consolidate valuable daily log content into MEMORY.md encourages indefinite retention of unspecified conversation material without any sensitivity review. Long-term storage increases the blast radius of any future disclosure and makes accidental reuse of private information across unrelated sessions more likely.

VirusTotal

63/63 vendors flagged this skill as clean.