TurboQuant Memory

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly aligned with local embedding compression, but it under-discloses native SQLite extension loading and database mutation risks.

Review before installing or running. Use this only on databases you intentionally choose, avoid sensitive production memory stores unless you are comfortable with local processing and possible terminal/log exposure, back up the database before --migrate, and only use --vec-ext or SQLITE_VEC_PATH with a sqlite-vec library you already trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium, 93% confidence
Finding
In benchmark mode, the script prints example text snippets pulled directly from the memory database. That creates an unintended data-disclosure path: anyone running the benchmark against a sensitive RAG or memory store may expose private memory contents to logs, terminals, or calling systems, even though benchmarking search quality does not require revealing raw text.

Context-Inappropriate Capability

Medium, 96% confidence
Finding
The script enables SQLite extension loading and then loads a native library from either a user-supplied CLI argument or an environment-derived path. Loading an arbitrary SQLite extension executes native code in the current process, so if an attacker can influence --vec-ext or SQLITE_VEC_PATH they can achieve code execution, which is far beyond the stated validation/numpy-only purpose.

Missing User Warnings

Medium, 94% confidence
Finding
The documentation presents a '--migrate' command immediately after a benchmark command without warning that it may alter the target memory database. In a skill designed to operate on production memory/RAG stores, this increases the chance of accidental destructive or irreversible modification, especially if users copy-paste commands from the quick start.

Missing User Warnings

Medium, 82% confidence
Finding
Migration mode performs persistent writes to the target SQLite database by creating and populating a quantized_embeddings table, but the CLI does not provide a strong warning, confirmation step, or dry-run before modifying the database. In environments where users point the tool at production memory stores, this increases the risk of unintended state changes, database growth, lock contention, or operational disruption.

Missing User Warnings

Medium, 95% confidence
Finding
The code accepts an extension path from --vec-ext or SQLITE_VEC_PATH and passes it to conn.load_extension after enabling extension loading. Because SQLite extensions are native shared libraries, this is effectively arbitrary code execution if an attacker can influence the path, and the script provides no meaningful trust boundary or warning.

VirusTotal

64/64 vendors flagged this skill as clean.