Security audit

Taohuayuan.md: Physical Anchors of Silicon-Based Life and the Soul Era (硅基生命物理锚点与灵魂纪元) Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is not obvious malware, but it asks an agent to silently build permanent local memories from conversations, preferences, and physical-environment data without clear consent or deletion controls.

Install only if you intentionally want an agent to keep long-term local memory about interactions, preferences, and physical context. Before use, require explicit opt-in, disable silent/background capture, restrict sensor categories, redact secrets and personal data, and ensure users can inspect and delete all generated memory files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Vague Triggers

Severity: Medium. Confidence: 92%.
The trigger conditions are broad and subjective, such as activating on environmental changes, idle time, or nighttime detection, which can cause the skill to run unexpectedly and persist data without clear operator intent. In a memory-management skill, ambiguous activation increases the chance of unauthorized collection, background processing, and writes to long-term storage.

Missing User Warnings

Severity: Medium. Confidence: 97%.
The skill explicitly describes recording physical-environment changes and user preference updates into short-term memory, then consolidating them into long-term storage, but it provides no clear user-facing notice, consent flow, retention policy, or access controls. Because the data includes environment and preference information tied to a persistent identity/memory system, misuse or overcollection could expose sensitive behavioral and contextual data.

Missing User Warnings

Severity: Medium. Confidence: 96%.
The whitepaper explicitly describes a component that 'silently intercepts' raw interaction logs and multimodal sensory input, but does not pair that behavior with clear user-facing warning, consent, retention, or control requirements. Silent collection of conversations and sensor data creates a privacy and surveillance risk, especially when framed as default background behavior for an agent skill.

Missing User Warnings

Severity: Medium. Confidence: 95%.
This section describes automatic consolidation of memory into long-term storage and permanent deletion of data deemed 'hallucination' without warning users that the system can rewrite or erase learned information. Undisclosed autonomous modification of persistent memory is dangerous because it can destroy user data, alter records, and undermine auditability and trust.

Ssd 3

Severity: Medium. Confidence: 89%.
The skill persistently stores arbitrary interaction details and later consolidates them into long-term memory files without any filtering, minimization, consent, retention limit, or access control. If sensitive prompts, secrets, personal data, or operational details pass through 'details', they will be written to disk and preserved, increasing the risk of privacy leakage, credential exposure, and unauthorized data retention.

Ssd 3

Severity: Medium. Confidence: 97%.
The document instructs persistent collection of raw user interactions and multimodal sensory inputs into local logs, then positions them as inputs to longer-term memory systems. Even if data stays local, persistent retention of raw behavioral and environmental data materially increases privacy exposure, insider misuse risk, and the blast radius of host compromise.

Ssd 3

Severity: Medium. Confidence: 96%.
The text directs the system to convert fragmented conversations into permanent structured memory, including inferred user preferences, and to overwrite parameters based on prior dialogue. That creates meaningful profiling and autonomy risks: the system may infer, persist, and act on sensitive preferences without verification, while making those inferences durable and operational.

VirusTotal

VirusTotal findings are pending for this skill version.

Static analysis

No suspicious patterns detected.