ClawHub

Memtrap Skill

Security checks across malware telemetry and agentic risk

Overview

The skill is purpose-aligned for testing agent memory, but its active mode can alter persistent memory and its leaderboard flow may send sensitive context without enough disclosure.

Review before installing. Use benchmark mode first on synthetic or backed-up memory, pin and inspect the external memtrap package, avoid active mode on production memory until mutation and rollback behavior are understood, and do not use the leaderboard command with secrets, private user data, proprietary prompts, or real internal memory context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The skill description contains very broad trigger language such as 'any time the user asks if their agent memory is safe, poisonable, or production-ready,' which can cause the skill to activate for many generic security or readiness questions. In an agent environment, overbroad activation increases the chance the skill is invoked outside its intended scope, potentially steering workflows, causing inappropriate recommendations, or exposing sensitive memory/context to the tool unnecessarily.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The documented 'memtrap submit --context your_memory_context' command implies sending benchmark-related context to a public leaderboard, but the README does not warn that context, prompts, metadata, or derived benchmark results may leave the local environment. Because this skill operates on agent memory and RAG context, users may unknowingly transmit sensitive internal data, poisoned content, or proprietary prompts to an external service.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal