Smart Compact

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed compaction helper, but it can persist broad conversation and tool-output details, including authentication-related data, into memory files with weak save-time controls.

Install only if you are comfortable with the agent reviewing prior conversation/tool outputs and writing selected details to memory files. Before use, require a preview of exactly what will be saved, forbid storing raw credentials, tokens, cookies, auth headers, personal data, and sensitive internal output, and periodically prune or delete the memory logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (11)

Missing User Warnings
Severity: Medium
Confidence: 94%
Finding: The skill explicitly promotes rescuing and writing conversation details to persistent memory files before compaction, but the privacy implications are not foregrounded at the point of use. This creates a realistic risk of storing secrets, personal data, internal endpoints, or incident details beyond the original session boundary.

Missing User Warnings
Severity: High
Confidence: 99%
Finding: These extraction rules instruct the agent to persist highly sensitive categories including authentication-related information and user preferences, while only mentioning redaction in passing. In practice, natural-language extraction/redaction is error-prone, so this materially increases the risk of credential retention, privacy leakage, and later disclosure through memory files.

Vague Triggers
Severity: Medium
Confidence: 90%
Finding: The skill allows proactive or automatic triggering when context is near full, without a strong consent boundary tied to the persistence step. In practice, this can cause the agent to scan recent tool outputs and prepare memory extraction in situations the user did not explicitly request, increasing the chance of unintended data review or retention.

Missing User Warnings
Severity: Medium
Confidence: 95%
Finding: The skill instructs writing extracted facts, decisions, errors, and other conversation-derived data into persistent memory files, but the description does not prominently warn users that retention occurs. This is dangerous because users may believe compaction is only summarization, when it actually creates durable records of potentially sensitive data from tool outputs and conversation context.

Ssd 3
Severity: Medium
Confidence: 94%
Finding: Directing the agent to persist tool-output and conversation details into memory files introduces a data-retention surface that may outlive the immediate task. Even if intended for convenience, this increases exposure of sensitive operational context such as paths, endpoints, logs, and user-provided information.

Ssd 3
Severity: High
Confidence: 99%
Finding: The extraction policy semantically encourages storing sensitive operational details and user preferences from live conversations into persistent logs. In an agent environment, such stored context can later be surfaced, exfiltrated, or misused by other skills, prompts, or users with filesystem access.

Ssd 3
Severity: Critical
Confidence: 100%
Finding: Marking authentication tokens as 'must save' is a severe security flaw. Persisting credentials to memory files creates a durable secret store that can be exposed through later prompts, accidental file reads, backups, logs, version control, or local compromise.

Ssd 3
Severity: High
Confidence: 99%
Finding: The English section repeats the same risky storage guidance, broadening the likelihood that users will adopt unsafe persistence practices. Repetition across languages reinforces behavior that can lead to systematic retention of sensitive tool outputs and conversational data.

Ssd 3
Severity: Critical
Confidence: 100%
Finding: The English classification policy again instructs saving auth tokens and other sensitive data to memory, confirming this is not an isolated wording issue but a core unsafe design decision. Credential persistence in agent memory is highly exploitable and can directly enable account compromise or lateral movement.

Ssd 3
Severity: Medium
Confidence: 96%
Finding: The extraction phase explicitly persists broad categories of information from tool outputs and conversation history, including user preferences, task progress, configuration values, paths, endpoints, and errors. In this context, that is risky because tool outputs often contain secrets, internal infrastructure details, personal data, or proprietary information, and the skill provides a mechanism to durably store them before compaction.

Ssd 3
Severity: Medium
Confidence: 97%
Finding: The rule 'better to store more than miss anything' biases the skill toward over-collection and over-retention of conversation-derived data. In a compaction helper, this makes the context more dangerous because the skill is specifically scanning large tool outputs where sensitive information is likely to appear, so the directive encourages persistent storage of data that should instead be minimized or discarded.

VirusTotal

65/65 vendors flagged this skill as clean.