Session Memory

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local memory tool, but it needs review because it stores and replays plaintext memories and has script input-handling bugs that crafted inputs could abuse.

Install only if you are comfortable keeping agent memories as local plaintext files. Do not store API keys, passwords, tokens, or raw sensitive details in this memory; use vault references instead. Avoid letting untrusted prompts, imported backups, or external content choose script arguments until the input-interpolation bugs are fixed, and treat exports/backups as sensitive files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Severity: Medium
Confidence: 83%
Finding: The README explicitly promotes persistent storage of agent session memory and shows the default storage path under the user's home directory, but it does not warn that users may store sensitive prompts, secrets, internal decisions, or personal data there. In an AI-agent context, this omission is meaningful because agents often process confidential material automatically, so users may unknowingly persist sensitive content to disk where it can be retained, backed up, or exposed to other local processes and users.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding: The documentation describes persistent local storage and export of memory contents, which may include sensitive operational context, but provides no privacy, retention, or access-control warnings. This is dangerous because users may store confidential data in plaintext and then export or back it up insecurely, expanding the exposure surface.

Missing User Warnings

Severity: Medium
Confidence: 82%
Finding: The skill documents edit/delete and pruning/archive operations without prominent warnings about irreversible changes, archival side effects, or accidental loss. In an agent workflow, these commands could remove or alter historical context relied upon for future decisions, causing integrity and availability issues.

Ssd 3

Severity: High
Confidence: 99%
Finding: The documentation explicitly encourages storing credential-related information in persistent memory and says critical items are always surfaced in session context. This creates a serious secret-exposure risk because credentials or credential-adjacent data may be persisted in plaintext and then repeatedly injected into future sessions, increasing the chance of accidental disclosure, prompt leakage, logging exposure, or compromise.

VirusTotal

64/64 vendors flagged this skill as clean.