Memory Layered

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local memory-management prompt skill, but users should understand it may store personal and project details in local files.

Install only if you want your agent to maintain local long-term memory. Before using it, decide what categories must never be stored, review the memory files periodically, and avoid storing secrets, credentials, regulated personal data, or confidential business details unless you have a clear retention and deletion process.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly promotes persistent cross-session storage of user preferences and project state, but provides no consent, retention, or sensitivity boundaries. This can lead agents to silently retain personal or confidential information beyond user expectations, creating privacy and compliance risk even if the skill is intended for productivity.

Missing User Warnings

Medium
Confidence: 93%
Finding
The SWS workflow instructs automatic deletion of entries marked stale after 7 days, but does not require notifying the user or confirming that the data is safe to remove. This creates integrity and auditability risks because useful or important history may be removed silently, and users may not understand that memory is being pruned automatically.

Missing User Warnings

Low
Confidence: 89%
Finding
The forgetting mechanism automatically archives learning entries after 30 days without informing users about the retention transition or how discoverability changes after archival. While archival is less severe than deletion, it can still undermine transparency and create unexpected loss of access in operational workflows.

Ssd 3

Medium
Confidence: 96%
Finding
These instructions direct the agent to build topic files that may contain identity, preferences, and project information, effectively persisting personal data in local files. The danger is increased by the lack of minimization, sensitivity filtering, access controls, or consent requirements, making over-collection and plain-text exposure likely.

Ssd 3

Medium
Confidence: 97%
Finding
The workflow tells the agent to append new conversation information into persistent files after every dialogue, which encourages indiscriminate retention of user content. In context, this is more dangerous because the skill is specifically designed as an always-on memory layer, so sensitive data may be captured routinely without review.

Ssd 3

Medium
Confidence: 94%
Finding
The skill advertises remembering user preferences and project state across sessions as a core use case, but does not define privacy boundaries, purpose limitation, or user control. This framing normalizes long-term collection and reuse of user-related data, which can conflict with least-privilege memory practices.

VirusTotal

63/63 vendors flagged this skill as clean.
