collective-memory

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do what its collective-memory purpose says, persisting user-provided notes across agents, but users should be careful because the trigger phrases are broad.

Install only if you want an agent to write shared memory notes across agents or workspaces. Use explicit commands, avoid sending sensitive information unless you intend it to be remembered broadly, and prefer a runtime that previews the target memory files before committing changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 91%
Finding
The README advertises highly generic trigger phrases like 'broadcast this to all my agents' that can overlap with ordinary conversational requests. In agent runtimes that auto-activate skills from natural language, this increases the chance of unintended invocation of a file-writing capability across multiple workspaces, which can cause broad, user-unexpected state changes.

Vague Triggers

Medium
Confidence: 90%
Finding
The Chinese trigger phrases are similarly broad and conversational, such as '大家都记一下' and '让他们都记住', without clearly signaling that a multi-workspace file modification tool will run. In multilingual agent environments, this ambiguity raises the risk of accidental activation and mass propagation of notes into memory files.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger phrases include broad natural-language requests like 'remember this everywhere' and 'tell every agent' that may match ordinary conversation and activate the skill unintentionally. Because the skill performs multi-target file writes, accidental activation can persist unintended content across several agent workspaces.

VirusTotal

64/64 vendors flagged this skill as clean.