Security audit

Agent Memory Persistent Workspace Memory System

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local memory setup that stores plaintext agent notes in workspace files, so it needs privacy care but shows no hidden exfiltration or destructive behavior.

Install only in a workspace where plaintext persistent memory is acceptable. Do not store passwords, API keys, tokens, regulated data, or highly sensitive personal details in these files; add memory files to .gitignore where appropriate, review and prune logs periodically, and narrow when personal relationship or profile files are loaded.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The guide explicitly tells users to have the agent persist session content, decisions, preferences, and project state into workspace files, but it does not prominently warn that this may store sensitive personal or business data in plaintext on disk. That creates a real privacy and security risk because local files may be exposed through backups, sync tools, repository commits, multi-user systems, or later agent retrieval.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The README instructs users to create persistent files for user profile, long-term memory, handoff state, and daily session logs, but it provides no warning about storing secrets, personal data, or sensitive conversation history. In a memory-oriented skill, this omission is more dangerous because the core feature encourages accumulation of exactly the kinds of data that can become privacy breaches, prompt-injection persistence, or cross-session leakage if mishandled.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The phrase 'Load when people are mentioned' creates an overly broad activation rule that can trigger on routine conversation containing any person reference. In a persistent memory system, this can unnecessarily surface trusted-user and relationship data into contexts where it is not needed, increasing the chance of privacy leakage, over-collection, or inappropriate cross-context personalization.

Ssd 3

Severity: Medium
Confidence: 91%
Finding
The document encourages broad cross-session retention of user-specific facts, preferences, lessons, and project information in natural language summaries. Even with owner/group separation, this increases the chance that sensitive personal context is unnecessarily retained and later surfaced in responses, logs, prompts, or other channels beyond the user's intent.

Ssd 3

Severity: Medium
Confidence: 93%
Finding
The skill instructs the agent to persist and reload broad contextual data across sessions, including user profile data, handoff state, and daily logs. Even without code execution, this creates a durable natural-language memory store that can re-expose sensitive information in later sessions, especially if the workspace is shared, synced, or accessed in the wrong channel/context.

Ssd 3

Severity: Medium
Confidence: 96%
Finding
Telling the agent to capture everything from a session in raw form encourages indiscriminate retention of sensitive prompts, credentials, personal information, and confidential work context. Those raw logs can later be surfaced to the model or other users, expanding the blast radius of any accidental disclosure or prompt injection embedded in prior conversations.

Ssd 3

Severity: Medium
Confidence: 94%
Finding
The guidance to fill USER.md with what the agent should 'always know' promotes collection of persistent personal profile information that may be far broader than necessary for task completion. Persistent storage of such data increases privacy risk through repeated exposure, over-collection, and possible misuse across future sessions or contexts.

VirusTotal

66/66 vendors flagged this skill as clean.