memguard

Security checks across malware telemetry and agentic risk

Overview

MemGuard is a disclosed local code scanner with optional license-gated features and user-invoked git hook/baseline commands, with no artifact evidence of exfiltration or hidden destructive behavior.

Install only if you are comfortable with a local scanner reading the code paths you ask it to scan. Run hook install only in repositories where you want MemGuard to modify lefthook.yml and run during future commits; review that file afterward and use hook uninstall if needed. Keep MEMGUARD_LICENSE_KEY and ~/.openclaw/openclaw.json under your control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Severity: High
Confidence: 92%
Finding: The skill writes a new .memguard-baseline.json file into the target repository, which is a state-changing action beyond passive scanning. In environments where skills are expected to be read-only, this can unexpectedly modify working trees, affect CI/pre-commit behavior, or be abused to normalize/suppress future findings by establishing a baseline file.

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%
Finding: The script reads a license key from an environment variable and a local config file, which means the skill accesses local credentials unrelated to its stated purpose of memory/resource leak scanning. In isolation this is common for licensing, but in an agent skill context it expands data access beyond what users would reasonably expect and could normalize secret harvesting behavior.

Description-Behavior Mismatch

Severity: Medium
Confidence: 97%
Finding: The file is almost entirely devoted to JWT parsing, license validation, tier checks, and upsell messaging rather than memory leak detection. This mismatch between declared functionality and actual behavior is dangerous in a skill ecosystem because it hides non-core behavior, reduces transparency, and can be used to justify unnecessary access to local configuration and secrets.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding: The skill is described as a scanner, but it also changes repository state by installing and removing Git hooks and editing lefthook.yml. Hidden or under-disclosed write operations are dangerous because users may invoke a seemingly read-only security tool and unintentionally modify project configuration, affecting future commits and developer workflows.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: Installing git hooks changes local repository behavior and can block commits or run code automatically on future developer actions. Without an explicit warning and consent flow, users may unintentionally alter their development environment in a way that persists beyond the immediate command.

Missing User Warnings

Severity: Low
Confidence: 84%
Finding: The script accesses a license key from the environment and a user config file without any explicit warning at the point of use. In an agent skill, silent credential access is a security transparency problem because users may not realize the skill is inspecting local secrets/configuration, even if the immediate use is only license enforcement.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The hook installation path writes or appends to repository configuration without asking for user confirmation or showing a dry-run diff first. In a security-tool context, silent modification of Git hook configuration can surprise users, disrupt team workflows, and create persistence for future command execution on commits.

VirusTotal

63/63 vendors reported this skill as clean.