MnemoPay

Security checks across malware telemetry and agentic risk

Overview

MnemoPay is not clearly malicious, but it combines persistent memory with wallet/payment actions and gives agents broad automatic recall and charging workflows without enough user-control safeguards.

Install only if you trust the external MnemoPay SDK and want an agent to manage persistent memories and payment workflows. Require explicit approval for saving or recalling memories and for every charge, settlement, or refund; avoid storing secrets or sensitive personal data; and confirm how memories and transaction logs can be reviewed and deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger list includes broad, common terms such as "remember," "recall," "charge," and "balance," which can cause the skill to activate in ordinary conversation without clear user intent to invoke wallet or persistent-memory features. In this skill's context, unintended invocation is more dangerous because the available actions include cross-session data retention and financial operations, so accidental activation could lead to privacy-impacting tool use or inappropriate payment flows.

Missing User Warnings

High
Confidence: 95%
Finding
The skill prominently advertises persistent memory across sessions but does not provide a clear user-facing warning, consent mechanism, or sensitivity limits for what may be retained. Because the skill is designed specifically to remember user facts and preferences over time, the absence of explicit privacy notice and retention boundaries creates a meaningful risk of storing personal, sensitive, or unexpected data without informed consent.

Missing User Warnings

High
Confidence: 97%
Finding
The session-start workflow instructs the agent to automatically recall prior-session memories at the beginning of every conversation and use them in greetings, without any accompanying privacy warning or consent check. This is dangerous because it can surface previously stored personal context unexpectedly, including to the wrong user or in the wrong setting, increasing the risk of privacy leakage and inappropriate disclosure.

Ssd 3

Medium
Confidence: 93%
Finding
Directing the agent to proactively retrieve prior-session context in every conversation establishes a default data-retention and reuse pattern that can disclose historical user information without a clear need-to-know basis. In this skill, that danger is amplified because recall is framed as a standard startup protocol rather than a deliberate, user-approved action, making privacy-invasive behavior routine.

Ssd 3

Medium
Confidence: 91%
Finding
The skill broadly encourages storing facts, preferences, decisions, and observations across sessions without defining sensitivity boundaries, exclusion categories, or minimization rules. That creates a real risk that agents will retain personal or sensitive information too broadly, especially because the examples normalize persistent storage as routine behavior.

VirusTotal

63/63 vendors flagged this skill as clean.
