Memory Semantic Search

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Markdown semantic-search skill, but it can upload workspace notes to an embedding provider and retain raw note text locally.

Install only if you are comfortable with selected Markdown files and search queries being processed by the embedding provider you configure. Index the narrowest directory possible, avoid secrets or regulated data, prefer a trusted or local embedding endpoint, use a dedicated API key, and delete or force-rebuild the SQLite database after sensitive edits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding
The skill documentation indicates capabilities to read workspace files, access environment variables, and make network requests, but it does not declare permissions accordingly. This creates a transparency and consent problem: an agent or user may invoke the skill without understanding that local markdown content will be processed and embeddings sent to an external API endpoint.

Missing User Warnings

Medium
Confidence: 93%
Finding
The README states that workspace Markdown content and user queries are sent to an external Embedding API, but it does not clearly warn users that potentially sensitive local notes will leave the machine and be processed by a third party. In a memory/search skill, users may reasonably point it at private notes, making the omission a real privacy and data-handling risk even if the transmission is part of intended functionality.

Missing User Warnings

Medium
Confidence: 98%
Finding
The script sends markdown chunk contents from the local workspace to a remote embedding API, which can expose sensitive notes, secrets, or proprietary content to an external provider. In this skill's context, external transmission is the core behavior, but the lack of an explicit user-facing warning, consent step, or allowlist makes accidental data exfiltration plausible.

Missing User Warnings

Medium
Confidence: 89%
Finding
The script sends the user's raw search query to an external embeddings API, and the skill description only generically notes that an embedding API is required rather than clearly warning that query contents leave the local workspace. In a memory-search skill, queries may contain sensitive notes, names, decisions, or other confidential context, so external transmission creates a real privacy and data-handling risk even if it is part of the intended functionality.

External Transmission

Medium
Category: Data Exfiltration
Content
```bash
export EMBEDDING_API_KEY="sk-xxx"
export EMBEDDING_API_BASE="https://api.openai.com/v1"   # any OpenAI-compatible endpoint
export EMBEDDING_MODEL="text-embedding-3-small"          # optional, this is the default
```
Confidence: 86%
Finding
https://api.openai.com/

VirusTotal

65/65 vendors flagged this skill as clean.
