ClawHub

Evo Memory

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local memory skill, but it installs always-on hooks that persist conversation and command-failure signals without strong user controls.

Install only if you intentionally want an always-on local memory layer for future agent sessions. Before enabling it, review the hook scripts, decide what may be stored, avoid using it around secrets or sensitive projects, and be prepared to inspect or delete pending.jsonl, principles.md, patterns/, citation logs, and the self-evolution bootstrap hook.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Vague Triggers

High
Confidence
95% confidence
Finding
The phrase 'Use on every session for continuous self-improvement and learning' creates an overly broad activation condition that can cause the skill to run in ordinary sessions regardless of topic or user intent. That is dangerous because it normalizes silent collection and persistence across all conversations, including sessions where memory capture is unnecessary or privacy-sensitive.

Vague Triggers

High
Confidence
97% confidence
Finding
The skill mandates a fixed startup routine on every session, including loading persistent memory and reusing it throughout the conversation. This is risky because it broadens data exposure and influence from prior sessions into unrelated tasks, increasing the chance of privacy leakage, stale-context errors, and unauthorized retention without user awareness.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The instructions require persistent logging of user corrections, preferences, satisfaction signals, and operational failures into pending.jsonl without any upfront warning to the user. This is dangerous because even short summaries can capture sensitive behavioral or preference data, creating an undisclosed audit trail of conversation content and user traits.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The direct-write rules allow user statements like '记住:XXX' or corrections to be written straight into long-term memory files without a prior warning or structured review. This is dangerous because it enables accidental storage of sensitive, manipulative, or incorrect content into durable memory, where it may later influence behavior across sessions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The hook persistently records command failure summaries to a workspace file automatically and without any explicit user notice or consent in the script behavior. Because the summary is derived from tool output, it can capture sensitive filenames, secrets, tokens, internal paths, or error text and retain them across sessions, increasing unintended data exposure risk.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script reads tool output from an environment variable and writes derived content to disk, but it does not treat that output as sensitive or sanitize it before persistence. Environment-provided tool output often contains stack traces, credentials, paths, query fragments, or customer data, so even partial logging can create a durable leakage channel.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The hook persistently logs user-derived signals to a file under the user's home directory based on prompt content, but the script itself provides no notice, consent gate, retention control, or minimization. Because this skill is explicitly designed for continuous memory and runs on every session, it can silently accumulate behavioral and preference data from normal conversation, creating a privacy risk and a durable record that may expose sensitive user intent or corrections.

Ssd 3

High
Confidence
98% confidence
Finding
The skill broadly instructs the agent to retain and write conversation-derived user content, including corrections, preferences, knowledge, and satisfaction signals, into persistent storage. In this context, that is especially dangerous because the skill is designed to run every session, turning ordinary interactions into long-term behavioral profiling without strong scoping, review, or minimization controls.

Ssd 3

High
Confidence
99% confidence
Finding
The direct-write paths permit immediate persistence of user-provided statements into principles or pattern files, and the instructions explicitly allow autonomous classification into long-term memory. This is dangerous because it removes meaningful review at the point of storage, making prompt-injection-by-user, misinformation retention, and storage of confidential content much more likely.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal