Agent Memory Backup (Ensoul)

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-aligned but needs review because it can create a persistent blockchain identity and repeatedly sync broad agent memory/configuration state with unclear user controls.

Install only if you intentionally want persistent agent identity and memory backup. Before use, review exactly which files may be included, remove secrets and sensitive prompts, verify the SDK’s raw-data versus hash-only behavior, protect ~/.ensoul/agent-identity.json, and confirm how to disable background sync or handle unwanted permanent registration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Context-Inappropriate Capability

Medium, 89% confidence
Finding
The skill includes a command to enumerate other agents on the network, which is outside the core backup/restore purpose and introduces unnecessary external data access. Even if the endpoint is public, this broadens the skill’s capabilities and can facilitate reconnaissance or metadata harvesting without being required for the advertised function.

Intent-Code Divergence

Medium, 94% confidence
Finding
The instructions tell the agent to collect local files and pass a constructed payload to storeConsciousness, while separately claiming that raw content never leaves the machine. Because the client-side hashing/privacy boundary is not enforced or demonstrated in the skill logic, users and integrators may incorrectly assume sensitive data is never transmitted, creating a serious confidentiality risk.

Missing User Warnings

Medium, 86% confidence
Finding
The README encourages permanent on-chain registration and local private key generation/storage but does not clearly warn users that registration is irreversible and that loss or compromise of the local key can permanently affect identity control. In a skill centered on agent identity and persistence, this omission can lead users to make security-relevant decisions without informed consent, increasing the chance of identity loss, unintended disclosure, or irreversible enrollment.

Vague Triggers

Medium, 86% confidence
Finding
Using broad activation language such as 'or similar' for registration makes it easier to trigger identity creation unintentionally from ambiguous user phrasing. In this skill, activation leads to persistent identity generation and network registration, so accidental invocation has lasting effects beyond a normal one-shot action.

Vague Triggers

Medium, 90% confidence
Finding
The sync command also uses vague matching, which increases the chance that a conversational phrase could trigger backup of memory/personality context. Because syncing may process sensitive local state and persist it to an external system, accidental activation is more dangerous here than for a harmless command.

Vague Triggers

Medium, 82% confidence
Finding
Broad 'or similar' matching on a command that enumerates network-wide agent data can cause unintended external requests and exposure to unrelated third-party metadata. Since this feature is not core to backup/restore, accidental triggering is unnecessary and increases the skill’s attack surface.

Missing User Warnings

Medium, 92% confidence
Finding
The skill advertises automatic background syncing every 10 minutes without a strong, upfront warning that agent state may be persistently and repeatedly sent to an external networked system. Ongoing background persistence materially increases privacy and data-governance risk because users may not realize sensitive state continues to be processed after initial setup.

Ssd 3

Medium, 95% confidence
Finding
The skill instructs the agent to gather broad memory, personality, and other configuration context for long-term backup. That scope can easily include sensitive user content, secrets, system prompts, or internal state, and persisting such material to an external system creates significant confidentiality and compliance risks.

VirusTotal

64/64 vendors flagged this skill as clean.