Smart Compact

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed memory-compaction helper, but it can persist broad conversation and tool-output details, including access-related information, without enough clear user control before writing.

Install only if you are comfortable with the agent writing conversation-derived notes to local memory files. Before using it, require explicit review of every item to be saved, never allow passwords, tokens, cookies, login details, or private access material to be written, and periodically inspect or delete the memory files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Missing User Warnings

Medium
Confidence: 90%
Finding
The README encourages extracting conversation and tool-output data into persistent memory files but does not clearly warn that this may retain sensitive user, system, or operational data beyond the current session. Even though it mentions redaction in places, the overall guidance normalizes broad persistence of potentially sensitive context without strong minimization or consent requirements.

Vague Triggers

Medium
Confidence: 86%
Finding
The skill allows proactive activation when context is nearly full, not just on explicit user invocation. That creates an ambiguous execution boundary for a workflow that scans prior tool outputs and writes extracted data to memory files, increasing the chance of unintended persistence or actions the user did not clearly request.

Ssd 3

Medium
Confidence: 95%
Finding
These instructions direct the agent to persist broad categories of conversation-derived data, including user preferences, task progress, service endpoints, and access-related details, into memory files. In a memory-management skill, that context makes the issue more dangerous because the skill's core purpose is long-lived retention, increasing the chance of sensitive data accumulation, unintended disclosure, or later misuse.

Ssd 3

High
Confidence: 99%
Finding
The classification rules explicitly say credentials and similar sensitive details are 'must save' items for memory. Persisting secrets to long-lived files is highly dangerous because it creates a durable secret store in plain workflow artifacts, which can later be exposed through prompts, file reads, backups, logs, or repository sync.

Ssd 3

High
Confidence: 99%
Finding
The English section repeats the same unsafe guidance, designating credentials and sensitive configuration data for persistent storage. Duplicating this in both language sections increases the likelihood that users and agents will follow it, making secret persistence a built-in behavior rather than an edge case.

Ssd 3

Medium
Confidence: 93%
Finding
The skill instructs the agent to broadly extract and persist conversation and tool-output data, including user preferences, file paths, endpoints, configs, and errors, into dated memory files. This can capture secrets or sensitive operational data from prior outputs and retain them beyond their original context, increasing exposure, over-retention, and the blast radius of any later compromise or unintended access.

Session Persistence

Medium
Category: Rogue Agent
Content
- A bug you already solved? Agent hits the same wall again
- Made a decision for good reasons? After compaction, the reasons are gone

**Smart Compact** inserts a "pre-processing" phase before `/compact`: **rescue important information first, write it to memory files, confirm safety, then compress**.

### Core Philosophy: Rescue Before Compress
Confidence: 91%
Finding
write it to memory files, confirm safety, then compress**. ### Core Philosophy: Rescue Before Compress Traditional compaction is a blunt instrument. Smart Compact uses a **4-phase progressive strate

VirusTotal

60/60 vendors flagged this skill as clean.
