Athena Protocol

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only personal assistant framework whose memory and heartbeat behavior is disclosed and aligned with its purpose, but users should scope what it may remember or inspect.

Install only if you want a persistent, proactive assistant setup. Before copying sections into AGENTS.md, SOUL.md, or HEARTBEAT.md, define what may be remembered, require approval before changing config or skill files, exclude secrets and sensitive records, and scope any email, calendar, project, or memory access to accounts you control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Severity: Medium
Confidence: 84%
Finding:
The phrase "When someone says 'remember this'" is a broad natural-language trigger that can cause the agent to persist information based on ambiguous conversational input rather than explicit, scoped consent. In a memory skill, that creates a real risk of over-collection and unintended storage of sensitive or private data, especially if users are unaware that such phrases trigger file writes.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
These instructions direct the agent to write conversational content to persistent files but provide no retention limits, sensitivity filters, or privacy notice. That makes accidental storage of secrets, personal data, or regulated information more likely, and the harm can persist across sessions because the data is deliberately retained.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The startup protocol instructs automatic reading of identity and memory files at session start, which can expose prior-user context or sensitive notes without fresh user awareness or contextual need. In multi-user, shared, or delegated-agent settings, automatic preload increases the chance of privacy leakage, inappropriate data reuse, and cross-context contamination.

VirusTotal

65/65 vendors flagged this skill as clean.