Memory Analyzer

Security checks across malware telemetry and agentic risk

Overview

The skill is not malware, but it asks to read conversations and automatically change long-term agent memory while bundling someone’s personal and operational details.

Review carefully before installing. Remove the bundled memory_analyzer_output.json, avoid storing contact details or account/workflow secrets in memory files, and only use this skill with explicit approval and a visible diff before it changes AGENTS.md, IDENTITY.md, SOUL.md, USER.md, or MEMORY.md.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 91%
Finding:
The trigger policy is broad and conversational, causing the skill to activate on ordinary feedback phrases without clear scoping, confirmation, or boundaries. In a skill that writes persistent memory files, this can lead to unintended capture of transient statements, jokes, or prompt-injected content into long-term agent state.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The description explicitly states that the skill updates memory files automatically, but provides no warning that it modifies persistent state or that the changes may influence future behavior. This is dangerous because users may not realize casual conversation can permanently alter files like AGENTS.md or IDENTITY.md, enabling accidental poisoning of future agent decisions.

Missing User Warnings

Medium
Confidence: 96%
Finding:
The output section promises automatic updates to multiple memory files without any mention of review, consent, or persistence safeguards. Because these files appear to shape long-term memory and agent rules, automatic writes can turn ambiguous or adversarial conversation content into durable configuration changes.

VirusTotal

61/61 vendors flagged this skill as clean.
