simple-memory-skill

Security checks across malware telemetry and agentic risk

Overview

This skill stores AI memory locally in plaintext as advertised; it needs privacy care but shows no hidden network, credential, or destructive behavior.

Install only if you intentionally want persistent local memory for an AI agent. Do not store passwords, API keys, health or financial data, or sensitive business details unless you accept plaintext local storage, and consider excluding SESSION-STATE.json, MEMORY.md, and memories/ from git, backups, and sync tools.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (10)

Missing User Warnings

Medium
Confidence: 96%
Finding
The README explicitly instructs agents to write user-provided information into SESSION-STATE.json and persistent memory files, but it does not require notice, consent, or filtering for secrets and sensitive content. That creates a real privacy and data-retention risk because users may reasonably assume they are only chatting, while the agent silently persists their messages to disk.

Missing User Warnings

Medium
Confidence: 97%
Finding
The WAL protocol says to save memory before responding, normalizing automatic retention of user inputs without warning or consent. This is dangerous because it encourages broad, default capture of conversational data, including potentially sensitive corrections, preferences, deadlines, or other private information.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill instructs agents to persist user preferences and context to local files without any user-facing warning about retention, sensitivity, or review. This creates a privacy risk because users may share secrets, personal data, or regulated information that gets silently written to disk and retained beyond the current session.

Missing User Warnings

Medium
Confidence: 96%
Finding
The library persists arbitrary memory content to local JSON files automatically, but there is no notice, consent mechanism, retention control, or sensitivity filtering. In an agent context, users may provide secrets, personal data, or confidential task context assuming it is ephemeral, so silent persistence can create privacy and data exposure risk if the filesystem is later accessed by other users, tools, backups, or malware.

Missing User Warnings

Medium
Confidence: 97%
Finding
Session state is silently written to SESSION-STATE.json, which can contain current tasks, context, pending actions, and recent decisions—often the most sensitive operational data in an agent workflow. Because this persistence happens without user-facing disclosure or consent, it can unexpectedly leak confidential project details or personal information to local disk and any process or person with access to that directory.

Ssd 3

Medium
Confidence: 95%
Finding
These agent instructions operationalize persistent capture of user-shared information before responding, which increases the chance of storing personal, confidential, or regulated data in plain local files. Even though storage is local, the risk remains because local files can be exfiltrated, committed to source control, shared accidentally, or accessed by other local processes/users.

Ssd 3

Medium
Confidence: 96%
Finding
The write-ahead logging guidance makes persistent storage the default behavior for user inputs, which broadens retention beyond what is necessary for most conversations. This can lead to overcollection and long-lived storage of sensitive context that users did not expect would be retained.

Ssd 3

Medium
Confidence: 95%
Finding
The instructions tell the agent to write user-provided information to local memory by default before responding, which encourages indiscriminate retention. In practice, this can capture API keys, credentials, personal preferences, project secrets, or sensitive business context and leave them in plaintext local storage where other users, processes, backups, or later prompts may access them.

Ssd 3

Medium
Confidence: 94%
Finding
The system-prompt guidance normalizes continuous accumulation of user data whenever preferences are shared, creating an always-on retention channel. This increases the chance of overcollection, privacy violations, and unintended reuse of prior sensitive context in later interactions.

Ssd 3

Medium
Confidence: 96%
Finding
The write-ahead logging policy requires saving user statements before responding, which makes broad retention mandatory rather than optional. That design is risky because it prioritizes persistence over data minimization and can store sensitive input even when it is unnecessary for task completion.

VirusTotal

59/59 vendors flagged this skill as clean.