ClawHub

Failure Memory Log

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward local failure log skill, with the main risk being that sensitive error details could be saved on disk if the user does not manage the log carefully.

Install this only if you want a persistent local record of failures. Keep the memory directory somewhere appropriate for the project, review it periodically, and avoid saving tokens, credentials, private customer data, sensitive paths, or confidential operational details in logged errors.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger conditions are broad enough to activate on routine error handling or ordinary phrases like 'what went wrong,' which can cause the skill to run outside clearly intended contexts. In practice this increases the chance of unsolicited memory access or logging behavior, especially because the skill also recommends pre-task searches and automatic recording during agent work.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill directs the agent to automatically append detailed failure context, error messages, and root causes into a persistent markdown file without an explicit user notice, consent flow, retention policy, or data minimization guidance. That can lead to unintentional storage of sensitive operational details such as tokens in error output, internal paths, credentials, or confidential task context, creating a durable data exposure risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal