Agent Memory System

Security checks across malware telemetry and agentic risk

Overview

This is a coherent memory-system design skill, but its examples encourage persistent storage and external processing of conversation memories without enough consent, secrecy, or retention safeguards.

Review before installing or copying the examples into production. Treat the code as a prototype: add explicit opt-in before saving memories, redact passwords/tokens/account secrets, use parameterized SQL, provide review/delete/disable controls, set retention limits, and clearly disclose any external embedding provider that will receive memory text.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding
The skill includes code that sends memory contents to an external embeddings API and reads an API key from an environment variable, which expands the trust boundary beyond a local memory design helper. In this context, the transmitted text may include sensitive user memories, so the external call is a real privacy and data-handling risk rather than a merely illustrative implementation detail.

Intent-Code Divergence

Severity: High
Confidence: 97%
Finding
The skill claims sensitive information should be encrypted, but the provided implementation stores raw memory content in SQLite and sends raw content to an external API for embeddings. That mismatch is dangerous because developers may adopt the sample as-is and end up persisting or transmitting sensitive data, including user preferences, account details, or credentials, without adequate protection.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The sample workflow automatically stores extracted information from conversations and builds future context from stored memories, but it does not require explicit user notice or consent for persistence or potential external transmission. In a memory skill, this is especially dangerous because users may unknowingly disclose long-lived personal or sensitive information that is later reused across sessions.

Ssd 3

Severity: Medium
Confidence: 94%
Finding
The skill is designed to retain and later reuse user-provided information across sessions, which creates a real privacy and confidentiality risk if sensitive data is captured or surfaced in later contexts. In a memory-system assistant, this danger is amplified because persistence and retrieval are core features, making unintended long-term retention more likely.

Ssd 3

Severity: Medium
Confidence: 99%
Finding
The importance-scoring example explicitly boosts retention for terms like '账号' and '密码' ('account' and 'password'), which semantically encourages the system to preserve highly sensitive credentials. This is dangerous because it normalizes storing secrets in long-term memory and increases the chance of later leakage, prompt inclusion, or unauthorized access.
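The scoring pattern this finding describes, beside a hardened alternative, as an added example rather than the skill's own code: the naive function is modelled on the boost the finding reports (credential terms raise the retention score), and `decide_retention` inverts that logic so a credential term is a reason to refuse storage outright, while contact identifiers are flagged for redaction and ordinary low-importance chatter is skipped. The term lists, the regexes, the threshold and the decision labels are assumptions.

```python
"""Importance scoring: the credential-boost anti-pattern and a safe alternative.
Added example, not code from the skill under review."""
import re
from dataclasses import dataclass

# Constructed term lists. The Chinese terms are the ones the finding cites:
# '账号' (account) and '密码' (password).
CREDENTIAL_RE = re.compile(
    r"账号|密码|\b(?:password|passwd|api[ _-]?key|access[ _-]?token|token|secret)\b",
    re.IGNORECASE,
)
PREFERENCE_RE = re.compile(r"记住|喜欢|\b(?:remember|prefer|always|never)\b", re.IGNORECASE)
# E-mail addresses and phone-like digit runs: personal identifiers worth redacting.
IDENTIFIER_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+|\+?\d[\d -]{8,}\d")


def score_importance_naive(text: str) -> float:
    """The anti-pattern: secrets score higher, so they are kept preferentially."""
    score = 0.1
    if CREDENTIAL_RE.search(text):
        score += 0.5  # this is the boost the finding objects to
    if PREFERENCE_RE.search(text):
        score += 0.3
    return min(score, 1.0)


@dataclass
class RetentionDecision:
    action: str   # "refuse", "skip", "store_redacted" or "store"
    score: float
    reason: str   # audit trail for why the memory was or was not kept


def decide_retention(text: str, threshold: float = 0.3) -> RetentionDecision:
    """Hardened version: credential terms block persistence instead of boosting it."""
    m = CREDENTIAL_RE.search(text)
    if m:
        return RetentionDecision("refuse", 0.0, f"credential term {m.group(0)!r}")
    score = 0.1
    if PREFERENCE_RE.search(text):
        score += 0.3  # explicit preferences are what a memory system should keep
    if score < threshold:
        return RetentionDecision("skip", score, "below importance threshold")
    if IDENTIFIER_RE.search(text):
        return RetentionDecision("store_redacted", score, "contains contact identifier")
    return RetentionDecision("store", score, "ok")


if __name__ == "__main__":
    sample = "我的账号是 alice，密码是 hunter2"  # constructed input
    print(score_importance_naive(sample))  # naive scorer rewards the secret
    print(decide_retention(sample))        # hardened scorer refuses it
    print(decide_retention("remember that I prefer dark mode"))
```

A memory that is refused should also be excluded from any embedding call, not just from the SQLite row; the decision has to be made before the text leaves the process.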

VirusTotal

64/64 vendors reported this skill as clean.

View on VirusTotal