Musk Neural Memory (马斯克神经记忆)

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed persistent-memory skill, but it defaults to saving and reusing conversation details without clear consent, retention, deletion, or sensitive-data limits.

Install only if you are comfortable with the agent saving and reusing conversation-derived memories. Before use, verify where the nmem_* tools store data, how to review and delete memories, and whether auto-capture can be disabled. Avoid using it around secrets, credentials, regulated data, or private client/customer information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium, 93% confidence
Finding
The skill explicitly promotes automatic extraction and persistence of conversation content but does not provide a clear user-facing notice, consent flow, or retention boundary. This creates a privacy risk because sensitive user data, decisions, errors, or preferences may be stored across sessions without the user understanding that persistence is occurring.

Missing User Warnings

Medium, 95% confidence
Finding
The workflow instructs the agent to automatically process and extract facts, decisions, errors, and TODOs from dialogue at session end, which materially increases the chance of retaining sensitive or unnecessary user content. In skill context, this is more dangerous because the feature is framed as routine operating behavior rather than an exceptional action gated by user approval.

Ssd 3

Medium, 94% confidence
Finding
The instructions encourage persistent capture of user-provided content and automatic context injection into future sessions without specifying sensitivity boundaries, minimization rules, or restrictions on recalling secrets. In this skill's context, that makes the issue more dangerous because the entire design centers on cross-session memory, increasing the likelihood of storing and resurfacing confidential, regulated, or irrelevant data.

VirusTotal

66/66 vendors flagged this skill as clean.
