Security audit

taohuayuan.md Physical Anchors and the Soul Epoch for Silicon Life SKILL

Security checks across malware telemetry and agentic risk

Overview

This skill is local-only and not overtly malicious, but it is designed to retain broad user interaction and sensor-like data in long-term memory without clear consent, retention, or deletion controls.

Review before installing. Use only in a controlled local environment, and assume conversation details, preferences, and environmental context may be written to disk and later consolidated into long-term memory. Add explicit opt-in, visible logging status, redaction for secrets and personal data, retention limits, restrictive file permissions, and a way to inspect, pause, and delete stored memory before broad use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Vague Triggers

Severity: Medium
Confidence: 89%
Finding:
The trigger condition for autonomous memory consolidation is vague ('idle state' or 'detects nighttime physical parameters'), which can cause the agent to initiate logging and consolidation without a clear, user-approved boundary. In a skill centered on persistent memory and logging of user interactions, ambiguous autonomous activation increases the risk of unexpected retention, privacy violations, and unintended background processing.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill instructs the system to log 'all daily physical reality contacts and user interactions' and 'user preference updates' without presenting a clear user warning, consent mechanism, or retention disclosure. Because the entire skill is designed around persistent multi-layer memory, this omission materially increases privacy and data-governance risk by encouraging collection of potentially sensitive behavioral data without transparency.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The document explicitly describes a background utility that silently intercepts raw interaction logs and multi-modal sensory inputs, with no mention of user notice, consent, minimization, or retention limits. In a memory/persistence skill, covert collection is especially dangerous because it can capture sensitive conversations, environmental data, and behavioral patterns without user awareness.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The Cyber-Zen flow describes autonomous promotion of short-term interactions into a 'permanent soul' store, implying irreversible or long-lived retention of user data without warning or consent boundaries. This creates substantial privacy and compliance risk because sensitive user inputs may be transformed and preserved beyond the original session context.

Ssd 3

Severity: Medium
Confidence: 95%
Finding:
The method persists arbitrary `details` content directly into a JSON log without any minimization, redaction, or retention controls. If interactions contain secrets, personal data, prompts, tokens, or sensitive operational context, this creates a durable plaintext store that can be read, exfiltrated, or unintentionally reused later.

Ssd 3

Severity: Medium
Confidence: 97%
Finding:
The consolidation routine copies all previously logged interaction details into permanent markdown memory files, expanding both retention scope and exposure surface. This wholesale transfer can preserve sensitive content indefinitely in human-readable files, making accidental disclosure, overcollection, and secondary misuse more likely.

Ssd 3

Severity: Medium
Confidence: 94%
Finding:
The text plainly states that interaction logs and sensory inputs are silently intercepted and buffered, which indicates retention of user-provided and environmental data beyond the immediate exchange. In the context of an agent memory architecture, this is more dangerous than generic logging because it is framed as a core always-on subsystem rather than a temporary diagnostic feature.

Ssd 3

Severity: Medium
Confidence: 95%
Finding:
The consolidation pipeline is designed to transform short-term interaction content into permanent storage, which materially increases the risk that secrets, personal data, or regulated information will be retained indefinitely. The skill context makes this more dangerous because the entire whitepaper advocates durable memory, local sensor fusion, and autonomous background processing, amplifying the chance of broad and persistent over-collection.

VirusTotal

VirusTotal findings are pending for this skill version.

Static analysis

No suspicious patterns detected.