continuity-kernel

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local continuity-memory tool that persists agent context and writes evaluation receipts without evidence of hidden network access or unrelated behavior.

Install this only if you want persistent local agent continuity memory that may be reused in future model inputs. Review or clear ~/.local/state/continuity-kernel/continuity.db and ~/.cache/continuity-kernel when needed, avoid storing highly sensitive profile details in Soul Card data, and choose trace/eval output paths carefully.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 91%
Finding: The skill advertises itself as user-invocable and documents environment-variable use plus persistent file read/write behavior, but it declares no permissions. This creates a transparency and policy-enforcement gap: users and hosting systems cannot accurately assess or gate the skill’s access to local state, cache locations, SQLite files, or environment-controlled paths such as CONTINUITY_KERNEL_DB_PATH.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: When a drift warning is emitted, the code logs agent_id, tool_name, detailed scoring signals, and legacy_score into diagnostics without any evident minimization, redaction, consent, or access-control boundary in this file. In a continuity/kernel component explicitly handling mission intent and tool inputs, those fields can reveal sensitive operational context, user goals, or internal classifier behavior to anyone with diagnostic access, increasing privacy leakage and aiding prompt/mission manipulation.

Missing User Warnings

Severity: Low
Confidence: 88%
Finding: On exception, the fail-open path emits diagnostics containing agent_id and tool_name. Although lower sensitivity than the warning path, this still creates metadata leakage about who invoked what tool and when failures occurred, which can expose usage patterns or sensitive workflow details if logs are broadly accessible.

VirusTotal

64/64 vendors flagged this skill as clean.
