MemVault

Security checks across malware telemetry and agentic risk

Overview

MemVault appears to be a real long-term memory tool, but it needs Review because it persistently stores sensitive conversation-derived data while exposing unauthenticated services and using a high-risk installer step.

Install only if you are comfortable running a persistent local memory service. Review the installer before running it, consider installing Ollama manually, bind the HTTP memory service and the database to localhost only, change the default database credentials, put authentication or a host firewall in front of both services, and avoid storing secrets, regulated data, or private conversations until retention and deletion controls are in place.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding
On Linux, the installer fetches and executes a remote shell script from ollama.com using curl piped directly to sh. This creates a supply-chain execution path where a compromised upstream server, TLS interception, or unexpected script change can result in arbitrary code execution on the user's machine.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The trigger list contains broad natural-language terms like 'remember' and 'recall', which can cause the skill to activate in many ordinary conversations unrelated to intentional long-term storage. In a memory skill, over-broad activation is especially risky because it can lead to unintended persistence of sensitive user content across sessions.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The description explains features but omits a clear warning that the skill persistently stores conversation-derived data and exposes a local HTTP service. Because the skill extracts facts from conversations and retains them over time, users may unknowingly store sensitive or regulated data, and other local processes may be able to query or manipulate that memory service.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The /memorize endpoint writes full conversation data to a predictable location under /tmp before passing it to the backend. Even though the file is deleted in a finally block, sensitive data is exposed at rest temporarily and may persist if the process crashes, the host is multi-tenant, or filesystem permissions are too broad.
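The two patterns described in this finding, side by side, as an added example written for this review (Python; not the skill's own code, whose handler and field names are not shown on the page). The weak version writes a fixed name into the shared temp directory with whatever the umask allows; the hardened version uses a private 0700 directory, an unpredictable 0600 file, and cleanup that also runs when the backend call raises. The request body and the `backend` callable are constructed stand-ins.

```python
import json
import os
import stat
import tempfile

# Constructed sample request body standing in for a /memorize payload
# (not taken from the page; the real field names are not shown there).
SAMPLE_CONVERSATION = {
    "session": "demo",
    "messages": [{"role": "user", "content": "my API token is tok_constructed_example"}],
}


def write_predictable_tmp(conversation: dict) -> str:
    """Weak pattern: a fixed file name in the shared temp directory, created with
    whatever the process umask allows. The name is guessable, so another local
    user can pre-create it or read it while it exists."""
    path = os.path.join(tempfile.gettempdir(), "memvault_memorize.json")
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(conversation, fh)
    return path


class PrivateSpool:
    """Hardened pattern: a per-call private directory (mkdtemp creates it 0700),
    an unpredictable file name created 0600 by mkstemp, and cleanup that runs in
    __exit__ even when the caller raises, so a crash inside the handler does
    not leave the plaintext behind."""

    def __init__(self) -> None:
        self.dir = tempfile.mkdtemp(prefix="memvault-")
        fd, self.path = tempfile.mkstemp(dir=self.dir, suffix=".json")
        self._fh = os.fdopen(fd, "w", encoding="utf-8")

    def __enter__(self) -> "PrivateSpool":
        return self

    def write(self, conversation: dict) -> str:
        json.dump(conversation, self._fh)
        self._fh.flush()
        return self.path

    def __exit__(self, exc_type, exc, tb) -> bool:
        self._fh.close()
        try:
            if os.path.exists(self.path):
                # Best-effort overwrite before unlink; not a guarantee on
                # journaling or copy-on-write filesystems, but better than
                # leaving the plaintext in freed blocks.
                size = os.path.getsize(self.path)
                with open(self.path, "r+b") as fh:
                    fh.write(b"\0" * size)
                os.unlink(self.path)
        finally:
            os.rmdir(self.dir)
        return False  # never swallow the caller's exception


def mode_bits(path: str) -> int:
    """Permission bits of a path, used to check the guarantees above."""
    return stat.S_IMODE(os.stat(path).st_mode)


def memorize_with_spool(conversation: dict, backend) -> str:
    """Shape of a /memorize handler using the spool: the backend callable is
    given the path, and the file is gone after this returns, whether normally
    or by exception."""
    with PrivateSpool() as spool:
        path = spool.write(conversation)
        return backend(path)
```

The stronger fix is to not touch disk at all and hand the payload to the backend over a pipe or socket; where a file is unavoidable, the spool above limits who can read it and for how long, and a process crash between `write` and `__exit__` is the remaining window.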

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
Memory summaries are sent to the configured LLM API endpoint for translation, and the translated text is then sent to the configured embedding endpoint. Although the defaults point to localhost, both endpoints are set by environment variables, so a changed variable is enough to send sensitive user memory to a remote service with no consent prompt, no allowlist, and no trust-boundary check.
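One way to enforce the missing trust boundary, as an added example for this review (Python; not the skill's own code). The variable names `LLM_API_URL` and `EMBED_API_URL` and their defaults are assumptions, since the page does not show the real ones. The rule is: an endpoint read from the environment is used only if its host is loopback or its scheme://host:port origin was explicitly allowlisted by the operator; anything else is refused rather than silently used.

```python
import ipaddress
from urllib.parse import urlsplit

# Hypothetical variable names and defaults; the skill's actual names are not
# shown on the page. The defaults mirror a local Ollama-style service.
ENDPOINT_DEFAULTS = {
    "LLM_API_URL": "http://127.0.0.1:11434/api/generate",
    "EMBED_API_URL": "http://127.0.0.1:11434/api/embeddings",
}
DEFAULT_PORTS = {"http": 80, "https": 443}


def is_loopback_host(host: str) -> bool:
    """True only for the literal name 'localhost' or a loopback IP literal.
    A DNS name that happens to resolve to 127.0.0.1 is not trusted, because
    name resolution is outside the process's control."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def origin_of(url: str) -> str:
    """Normalise a URL to scheme://host:port, rejecting anything that is not
    plain http(s) or that embeds credentials in the URL."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported scheme in {url!r}")
    if parts.hostname is None:
        raise ValueError(f"no host in {url!r}")
    if parts.username or parts.password:
        raise ValueError("credentials embedded in endpoint URL")
    host = parts.hostname  # urlsplit already lower-cases the host
    try:
        ip = ipaddress.ip_address(host)
        host = f"[{host}]" if ip.version == 6 else host
    except ValueError:
        pass  # a DNS name, already lower-case
    port = parts.port or DEFAULT_PORTS[parts.scheme]
    return f"{parts.scheme}://{host}:{port}"


def resolve_endpoint(var: str, env: dict, allowlist: frozenset = frozenset()) -> str:
    """Return the endpoint URL from env (or the default) only if its origin is
    loopback or was explicitly allowlisted; otherwise refuse. Refusing, rather
    than falling back to the default, makes a tampered variable visible."""
    url = env.get(var, ENDPOINT_DEFAULTS[var])
    origin = origin_of(url)
    host = urlsplit(url).hostname
    if is_loopback_host(host) or origin in allowlist:
        return url
    raise PermissionError(f"{var}={url!r} points outside the trust boundary ({origin})")
```

Call `resolve_endpoint` once at startup for each endpoint and fail the service if it raises; an allowlist entry is the full origin (for example `https://llm.example:443`), so a different port or scheme on the same host is still refused. This check says nothing about what the remote service does with the data once allowed; that is a policy decision the operator makes when adding the entry.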

Missing User Warnings

Severity: High
Confidence: 99%
Finding
The command `curl -fsSL https://ollama.com/install.sh | sh` executes downloaded code immediately with no inspection, pinning, integrity check, or confirmation. This is dangerous because it grants full code execution to whatever content is served at that URL at install time.
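A hardened replacement for the `curl ... | sh` step covered by this finding and by the Context-Inappropriate Capability finding above, as an added example written for this review (Python; not the skill's or Ollama's own installer code). It splits the one-liner into separate fetch, pin-check, stage and run steps: the script is downloaded to memory over HTTPS, written to disk only if its SHA-256 matches a pin you recorded after reading it, and executed only by an explicit second call. `CONSTRUCTED_SCRIPT` is a constructed stand-in so the example runs offline; the pin value in real use is a literal you keep in your setup notes, not something computed from the download being checked.

```python
import hashlib
import hmac
import os
import stat
import subprocess
import tempfile
from typing import Optional
from urllib.parse import urlsplit
from urllib.request import urlopen

# Constructed stand-in for a downloaded installer so the example runs offline.
CONSTRUCTED_SCRIPT = b"#!/bin/sh\necho 'installer ran'\n"


def fetch_script(url: str, timeout: float = 30.0) -> bytes:
    """Download the installer into memory over HTTPS only (certificate
    verification is urllib's default). Nothing is executed here."""
    if urlsplit(url).scheme != "https":
        raise ValueError("installer must be fetched over https")
    with urlopen(url, timeout=timeout) as resp:
        return resp.read()


def pin_digest(script: bytes) -> str:
    """Record this value once you have read the script; it becomes the pin
    that later installs are checked against."""
    return hashlib.sha256(script).hexdigest()


def stage_installer(script: bytes, expected_sha256: str, dest_dir: Optional[str] = None) -> str:
    """Write the script to a private 0700 file only if its SHA-256 matches the
    pin. A mismatch (changed upstream, interception, truncation) raises before
    anything touches disk, so there is nothing to run by accident."""
    actual = pin_digest(script)
    if not hmac.compare_digest(actual, expected_sha256.lower()):
        raise PermissionError(f"installer digest {actual} != pinned {expected_sha256}")
    dest_dir = dest_dir or tempfile.mkdtemp(prefix="installer-")  # mkdtemp is 0700
    path = os.path.join(dest_dir, "install.sh")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o700)
    with os.fdopen(fd, "wb") as fh:
        fh.write(script)
    return path


def run_staged(path: str) -> int:
    """Separate, explicit execution step: runs the verified file with sh as the
    current user and returns its exit status. Refuses a file that other users
    could have modified between staging and running."""
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        raise PermissionError("staged installer is readable or writable by others")
    return subprocess.run(["sh", path], check=False).returncode
```

Typical flow: `fetch_script("https://ollama.com/install.sh")` on a machine you trust, read the result, store `pin_digest(...)` as the pin; on every install thereafter, `stage_installer(fetch_script(url), PIN)` then `run_staged(path)`. The pin has to be refreshed deliberately whenever upstream legitimately changes the script, which is the point: a change is a review event, not an automatic execution.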

VirusTotal

66/66 vendors flagged this skill as clean.
