SQ Memory

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate persistent-memory skill, but it needs review because it can retain and expose sensitive agent memory with weak scoping and deployment guidance.

Install only if you are comfortable giving the agent durable memory. Prefer a local or HTTPS endpoint with verified authentication, do not store secrets or sensitive personal/regulatory data, use separate namespaces per user or agent, review/delete stored memories regularly, and patch or account for the prefix-listing and query-string storage issues before using it for private workflows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (10)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The function advertises prefix-scoped listing but ignores the provided prefix and returns the entire table of contents. This can expose all stored memory coordinates to any caller that expected a limited view, increasing unintended data disclosure and enabling broader enumeration of stored data.

Missing User Warnings

Medium
Confidence: 94%
Finding
The quickstart explicitly tells users to configure an agent with permanent memory and to store user preferences, identity, and conversation summaries, but it does not warn about consent, retention, sensitivity, or privacy boundaries. In agent systems, this can lead to indiscriminate long-term storage of personal or confidential data, increasing privacy, compliance, and data exposure risk if the memory backend is later queried, leaked, or shared across agents.

Missing User Warnings

Medium
Confidence: 90%
Finding
The README encourages storing persistent user data and using authenticated cloud requests, but it does not warn users against placing sensitive information into long-lived memory or explain the privacy implications of hosted storage. In an agent context, users may naturally store preferences, contacts, conversation history, or other personal data, so omission of clear data-handling guidance can lead to unintended exposure or over-collection.

Missing User Warnings

Medium
Confidence: 97%
Finding
The documentation explicitly instructs users to expose a self-hosted endpoint and states that self-hosted SQ has no authentication by default. In context, this creates a realistic risk of operators deploying an Internet-reachable memory service without access control, enabling unauthorized reads, writes, or tampering with agent memory if they follow the guide as written.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly promotes storing user preferences and conversation history across sessions but provides no privacy notice, data minimization guidance, retention policy, or warning about sensitive information. This creates a real privacy/security risk because agents may persist personal or confidential data indefinitely and resurface it later without user awareness or consent.

Missing User Warnings

Medium
Confidence: 95%
Finding
The example explicitly implements long-term storage of conversation summaries and full message turns, which can include sensitive user data, without any consent, disclosure, retention controls, or minimization. In an agent context, persistent memory materially increases privacy risk because recalled data may outlive user expectations and can expose personal, confidential, or regulated information if later accessed, leaked, or misused.

Missing User Warnings

Medium
Confidence: 93%
Finding
The example explicitly promotes permanent memory for user identity, contact details, and preferences across sessions, but it does not include any notice, consent flow, retention limits, or guidance on minimizing sensitive data collection. In an agent skill, this can normalize storing personally identifiable information such as names, email addresses, phone numbers, and timezone data without the user's informed awareness, creating privacy and compliance risk if deployed as-is.

Ssd 3

Medium
Confidence: 95%
Finding
The skill semantically directs the agent to retain and later resurface user-provided data, including preferences and conversation history, beyond the original interaction context. In context, this is risky because persistent memory changes the privacy model of the agent and can expose sensitive data across sessions, to operators, or to other integrated agents if access controls are weak.

Ssd 3

Medium
Confidence: 96%
Finding
The example instructs agents to summarize and store user conversations and recall them after the original context has expired, which normalizes long-term retention of potentially sensitive content. This is dangerous because users may reasonably expect context-window loss to limit retention, while the skill instead preserves derived conversation data indefinitely and makes it retrievable later.

Ssd 3

Medium
Confidence: 91%
Finding
The multi-agent coordination example explicitly encourages sharing memory across agents, expanding the trust boundary and increasing the chance of unauthorized data access, cross-agent leakage, or misuse of stored content. In this skill's context, shared coordinates make persistent data more dangerous because information written by one agent may be consumed by another with different prompts, policies, or security posture.

VirusTotal

66/66 vendors flagged this skill as clean.