Agent Memory 1

Security checks across malware telemetry and agentic risk

Overview

This is a local agent-memory utility whose persistence and deletion risks are real but match its disclosed purpose and show no evidence of hidden collection or exfiltration.

Install this only if you want the agent to keep local memory across sessions. Treat the SQLite database as sensitive, avoid storing secrets or regulated personal data, review/export/delete memories periodically, and confirm the package slug and publisher before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence: 90%
Finding
The README explicitly promotes persistent storage of facts, lessons, and entity data including interpersonal details such as roles, timezones, preferences, and communication style, but does not warn about privacy, consent, retention, or safeguarding sensitive data. In an agent-memory skill, this omission is materially risky because users may store personal or sensitive information by default and retain it indefinitely in a local database without understanding the implications.

Missing User Warnings

Medium
Confidence: 80%
Finding
The README demonstrates deletion and stale-data cleanup operations but does not caution that these actions can permanently remove information or recommend preview/review before execution. While not an exploit primitive by itself, this can lead to accidental data loss, especially in a persistent memory tool where users may rely on stored operational context.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly instructs agents to store conversation-derived facts, lessons learned, and entity information across sessions, but it provides no privacy warning, consent guidance, retention limits, or sensitivity filtering. In an agent context, this can lead to persistent storage of personal, confidential, or security-relevant data from user interactions without the operator realizing the privacy implications.

Missing User Warnings

Medium
Confidence: 84%
Finding
The CLI stores arbitrary fact content to persistent memory with no warning, confirmation, or safeguards against entering secrets, personal data, or other sensitive information. In an agent-memory context this is meaningfully risky because users may treat the tool like ephemeral chat, while the data is actually retained and later retrievable, increasing the chance of unintended disclosure or policy/privacy violations.

Missing User Warnings

Medium
Confidence: 92%
Finding
This module creates a persistent SQLite database under the user's home directory and is explicitly designed to retain potentially sensitive facts, entities, and lessons across sessions, but it provides no built-in disclosure, consent flow, or indication that user-related data will be written to disk. In an agent-skill context, silent persistence of conversational and behavioral memory can expose personal or confidential information unexpectedly and increase privacy/compliance risk.

Missing User Warnings

Medium
Confidence: 81%
Finding
The skill exposes destructive deletion operations such as permanent fact removal and stale-data cleanup without any confirmation, soft-delete, backup, or warning mechanism. In an agent memory component this can lead to unintended irreversible data loss, especially if called automatically or by another component with broad access to memory APIs.

VirusTotal

64/64 vendors flagged this skill as clean.