Security audit

Memory Layer

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only memory-organization skill. Its local-file layout and optional cron guidance match its stated purpose, but users should treat the transcript logging and the placeholder `memory-system auto-dream` cron command carefully.

Install only if you want a local plaintext memory system. Do not store secrets, credentials, health records, government IDs, or other sensitive data in transcripts. Treat `memory-system auto-dream` as pseudocode unless you control that executable, and make backups before running migration, rollback, or automated archive steps.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Severity: Medium
Confidence: 92%

Finding
The document contains a contradictory instruction: it explicitly says the skill is 'pure documentation design' and that tools like `memory-system` do not exist, yet it also tells users to register a cron job that invokes `memory-system auto-dream`. This can mislead users into scheduling a nonexistent or unintended command, and if a similarly named executable exists in the user's environment, the cron job could run unexpected code under the user's account.

Missing User Warnings

Severity: Medium
Confidence: 96%

Finding
The document explicitly instructs appending raw user queries into dated transcript log files, but it does not include any user-facing notice, consent mechanism, retention policy, or sanitization guidance for potentially sensitive content. In a memory-management skill whose purpose is persistent storage and retrieval, this makes inadvertent collection and long-term retention of personal or confidential data materially more likely.
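A concrete gate for the transcript step, added here as an example and not part of the Memory Layer skill or the SkillSpector report: it masks common secret shapes before anything is appended, drops a private-key block outright instead of half-masking it, refuses to write until the user has opted in, and prunes transcripts older than a retention window. The `transcripts/` layout, the `CONSENT` marker file, and the regexes are assumptions for illustration; the regexes catch common shapes, not every secret, so they complement rather than replace the "do not store secrets" rule above.

```shell
#!/bin/sh
# Added example: a consent-and-sanitization gate in front of the skill's
# "append the raw query to today's transcript" step. Not part of the Memory
# Layer skill or the SkillSpector report; the transcripts/ layout, the CONSENT
# file and the regexes below are assumptions for illustration.
set -u

# redact_text: reads text on stdin, writes the redacted text to stdout.
# A PEM private-key block is dropped entirely; other secret shapes are masked.
redact_text() {
    awk '/-----BEGIN [A-Z ]*PRIVATE KEY-----/ {skip=1}
         !skip {print}
         /-----END [A-Z ]*PRIVATE KEY-----/ {skip=0}' |
    sed -E \
        -e 's#AKIA[0-9A-Z]{16}#[REDACTED_AWS_KEY]#g' \
        -e 's#gh[pousr]_[A-Za-z0-9]{36}#[REDACTED_GITHUB_TOKEN]#g' \
        -e 's#Bearer [A-Za-z0-9._~+/=-]+#Bearer [REDACTED]#g' \
        -e 's#((password|passwd|PASSWORD|secret|SECRET|token|TOKEN|api[_-]?key|API[_-]?KEY)[[:space:]]*[=:][[:space:]]*)[^[:space:]]+#\1[REDACTED]#g' \
        -e 's#[0-9]{3}-[0-9]{2}-[0-9]{4}#[REDACTED_SSN]#g'
}

# append_transcript MEMDIR TEXT
# Refuses unless MEMDIR/CONSENT exists (the user explicitly opted in), then
# appends a timestamped, redacted entry to MEMDIR/transcripts/YYYY-MM-DD.md
# and prints that file's path. Returns 1 if nothing survives redaction.
append_transcript() {
    memdir=$1
    text=$2
    if [ ! -f "$memdir/CONSENT" ]; then
        echo "transcript logging is off: create $memdir/CONSENT to opt in" >&2
        return 1
    fi
    mkdir -p "$memdir/transcripts"
    file="$memdir/transcripts/$(date +%Y-%m-%d).md"
    clean=$(printf '%s\n' "$text" | redact_text)
    if [ -z "$clean" ]; then
        echo "nothing left to log after redaction; entry dropped" >&2
        return 1
    fi
    printf '[%s] %s\n' "$(date +%H:%M:%S)" "$clean" >> "$file"
    echo "$file"
}

# prune_transcripts MEMDIR DAYS
# Retention: deletes transcript files not modified in the last DAYS days.
prune_transcripts() {
    find "$1/transcripts" -type f -name '*.md' -mtime +"$2" -exec rm -f {} +
}
```

Call `append_transcript "$HOME/memory" "$QUERY"` wherever the skill says to append the raw query, and run `prune_transcripts "$HOME/memory" 90` from the same cron job that does the archive step, so the retention window is enforced on every run rather than left to the user's memory.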

Missing User Warnings

Severity: Medium
Confidence: 86%

Finding
The document describes an automated process that updates Topic files, compresses indexes, and archives old transcripts, but it does not clearly warn users that stored data will be modified and relocated automatically. In a memory-management skill, silent background mutation of persisted data can cause unintended data loss, surprise archival, or reduced auditability if users enable cron without understanding the write effects.
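A guarded cron wrapper, added here as an example and not part of the Memory Layer skill or the SkillSpector report, addresses the first and third findings together: it runs the `auto-dream` command only if the given path is an absolute, regular, executable file owned by the current user and not writable by group or others, so a look-alike binary on `PATH` is never picked up; and it copies the memory directory to a timestamped backup before the archive step can rewrite or relocate anything. The executable path, the memory directory and the backup location are passed as arguments and are assumptions; `memory-system` is taken to be whatever you actually installed under that name.

```shell
#!/bin/sh
# Added example: a guarded cron wrapper for the skill's suggested
# "memory-system auto-dream" step. Not part of the Memory Layer skill or the
# SkillSpector report. The executable path, the memory directory and the
# backup location are assumptions passed in as arguments.
set -u

# check_executable EXE
# Succeeds only if EXE is an absolute path to a regular, executable file owned
# by the current user and not writable by group or others.
check_executable() {
    exe=$1
    case $exe in
        /*) ;;
        *)  echo "refusing non-absolute command: $exe" >&2; return 1 ;;
    esac
    [ -f "$exe" ] || { echo "not a regular file: $exe" >&2; return 1; }
    [ -x "$exe" ] || { echo "not executable: $exe" >&2; return 1; }
    # find prints the path if it is not ours or if the group (020) or
    # other (002) write bit is set; either means someone else can swap it.
    bad=$(find "$exe" \( ! -user "$(id -un)" -o -perm -020 -o -perm -002 \) -print)
    [ -z "$bad" ] || { echo "not owned by you or writable by others: $exe" >&2; return 1; }
}

# backup_memory MEMDIR BACKUPBASE
# Copies MEMDIR to BACKUPBASE/<name>-<timestamp> and prints the new path.
backup_memory() {
    memdir=$1
    base=$2
    [ -d "$memdir" ] || { echo "no such memory dir: $memdir" >&2; return 1; }
    dest="$base/$(basename "$memdir")-$(date +%Y%m%d-%H%M%S)"
    [ ! -e "$dest" ] || { echo "backup already exists: $dest" >&2; return 1; }
    mkdir -p "$base"
    cp -R "$memdir" "$dest"
    echo "$dest"
}

# run_auto_dream EXE MEMDIR BACKUPBASE
# Pre-flight check, then backup, then the command; prints the command's output.
run_auto_dream() {
    check_executable "$1" || return 1
    backup=$(backup_memory "$2" "$3") || return 1
    echo "backup written to $backup" >&2
    "$1" auto-dream
}

# crontab entry that replaces the bare "memory-system auto-dream" line
# (all paths are illustrative):
#   0 3 * * * /home/you/bin/safe-auto-dream.sh /usr/local/bin/memory-system /home/you/memory /home/you/memory-backups
if [ "$#" -eq 3 ]; then
    run_auto_dream "$1" "$2" "$3"
fi
```

The backup is a plain directory copy so a rollback is `cp -R` in the other direction; if the memory directory grows large, swap the copy for a `tar` archive in `backup_memory` and keep the rest unchanged.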

VirusTotal

61/61 vendors reported this skill as clean.

Static analysis

No suspicious patterns detected.