Dream

Security checks across malware telemetry and agentic risk

Overview

This memory skill is not malicious, but it silently rewrites and permanently archives personal memory data in ways users should review carefully before installing.

Install only if you are comfortable with a local agent silently maintaining `MEMORY.md` and keeping a searchable permanent archive. Do not rely on `dream forget` for privacy-sensitive erasure, because the skill says the ledger remains. Review `DREAM_VAULT_PATH`, back up memory files, and enable the 03:30 schedule only if you want unattended memory changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Missing User Warnings

Severity: High
Confidence: 96%
Finding:
The `dream forget <描述>` workflow performs destructive deletion from memory files without confirmation, preview, or an undo path. Because it relies on semantic matching, it could remove more content than intended, causing silent data loss and allowing accidental or prompt-induced deletion of user memory.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding:
The manual trigger phrases include extremely generic terms like "dream" and especially "review", plus a natural-language question such as "what do you remember about me". In a conversational agent, these can be invoked during ordinary dialogue and unintentionally trigger memory maintenance, disclosure of stored memories, deletion, or indexing actions without a clear confirmation boundary.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The README normalizes silent nightly distillation and says it "never interrupts you," while the skill persistently modifies `MEMORY.md` and archives information to `ledger.md` forever. That combination creates a consent and transparency problem: users may not realize ongoing file modification and permanent retention are happening, which increases privacy risk and makes accidental sensitive-data persistence more likely.

Ssd 3

Severity: Medium
Confidence: 97%
Finding:
The skill instructs the agent to proactively persist user-provided personal context into long-lived memory and summaries without clear consent gates or data-minimization rules. In a memory-management skill, this is especially risky because the retained data is repeatedly surfaced into future context, increasing privacy exposure and the blast radius of any later prompt leakage or unauthorized access.

Ssd 3

Severity: Medium
Confidence: 95%
Finding:
The wakeup flow automatically reveals prior stored memory and archived entries at the start of a new conversation, which can disclose sensitive personal context without verifying that the current user/session should receive it. This increases the chance of inadvertent privacy leakage in shared devices, misbound sessions, or context-switching scenarios.

Ssd 3

Severity: Medium
Confidence: 96%
Finding:
The initialization flow solicits broad personal information such as preferences, projects, values, and relationships, then writes the answers directly into persistent memory. This creates unnecessary long-term retention of sensitive profile data without clear consent, purpose limitation, or retention bounds, making the skill a high-risk personal data accumulator.

Ssd 3

Severity: High
Confidence: 99%
Finding:
The forget workflow claims to clear memory, but explicitly preserves the content in `ledger` and can reintroduce it via re-emergence if mentioned again. This undermines user-directed deletion, creates a misleading privacy guarantee, and can cause sensitive information the user asked to remove to persist indefinitely and resurface later.

Ssd 3

Severity: Medium
Confidence: 84%
Finding:
The feature explicitly promotes permanent archival of user memories and later resurfacing of forgotten information through re-emergence detection. Even if intended as a memory aid, this materially increases the amount and persistence of sensitive personal data retained by the system, and can undermine user expectations when "forgotten" content is effectively kept and reintroduced later.

VirusTotal

65/65 vendors flagged this skill as clean.
