ClawHub

Secretary Memory Hook

Security checks across malware telemetry and agentic risk

Overview

This memory hook broadly matches its purpose, but it automatically stores chat snippets and moves local memory files without enough user control.

Install only if you are comfortable with conversation snippets being retained in local memory files and top-level memory markdown files being moved automatically. Review or fix the shell command construction, verify the separate secretary-memory scripts from a trusted source, and back up the memory directory before enabling it in a sensitive workspace.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The manifest/description understates the hook's actual behavior by omitting automatic message logging and file migration/index rebuilding. This is security-relevant because users and reviewers may grant the skill access without realizing it modifies stored data and persists conversation content, undermining informed consent and auditability.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The skill description says it operates around session compaction, but the code also hooks every message:sent event and persists conversation snippets to disk. This expands collection scope beyond the stated behavior and creates undisclosed retention of potentially sensitive conversational data, which is a real security/privacy issue in a memory-oriented skill.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The hook performs automatic data-modifying actions—migrating markdown files and appending message content to log files—without an explicit warning or consent-oriented notice. In a memory/automation skill, this increases risk of silent persistence of sensitive content and unexpected workspace changes, especially because the behavior is triggered automatically on events rather than through an explicit user command.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The handler appends message content to on-disk logs automatically without any visible consent, warning, or data minimization. Because chat messages may contain secrets, credentials, or personal data, silent persistence increases the risk of unintended disclosure, over-retention, and secondary access by other processes or users.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The code automatically moves user markdown files and rebuilds an index, modifying user data without confirmation or safety checks. Even if intended as maintenance, silent file moves can break user workflows, alter expected data locations, and cause integrity or availability issues if the classification is wrong.

Ssd 3

Medium
Confidence
95% confidence
Finding
Automatic summarization and incremental logging of conversation content create a persistent data-retention channel for sensitive natural-language inputs. In the context of a memory skill, this is especially risky because the feature is designed to collect and reuse contextual data across sessions, increasing exposure if stored content is accessed, indexed, or exfiltrated.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal