Memory Compactor

Security checks across malware telemetry and agentic risk

Overview

This skill is review-worthy because it can automatically rewrite or remove persistent memory without clear confirmation, preview, backup, or rollback safeguards.

Install only if you intentionally want an agent to compact long-term memory. Prefer manual use, require a preview or diff before changes, keep versioned backups, and avoid scheduled or threshold-based cleanup until retention rules and restore behavior are clear.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 89%
Finding:
The manual trigger phrase “整理记忆” is broad and does not require explicit confirmation, target scope, or a dry-run preview before modifying memory files. This creates a realistic risk of accidental invocation during ordinary conversation, causing unintended compression or deletion of stored information.

Missing User Warnings

High
Confidence: 94%
Finding:
The skill description presents automatic cleanup and compression as a feature but does not warn users that stored memory files may be altered or information removed. Because the skill operates on long-term memory, missing disclosure undermines informed consent and can lead to irreversible loss of important context, preferences, or audit history.

Missing User Warnings

High
Confidence: 96%
Finding:
Scheduled and threshold-based automatic execution allows unattended modification of memory files without a user-facing warning, approval gate, or mention of rollback safeguards. In the context of a memory-management skill, this is especially dangerous because compression and cleanup can silently discard data, propagate summarization errors, or erase information needed for future decisions.

VirusTotal

60/60 vendors flagged this skill as clean.
