Memory Fortress

Security checks across malware telemetry and agentic risk

Overview

This memory skill is not malicious, but it automatically saves user prompts and recovery summaries into local files, which needs careful privacy review.

Install only if you want a local file-based memory system. Avoid giving the agent secrets, credentials, private personal details, or confidential business text in prompts that may be saved verbatim, and periodically review or delete the state, memory, and project files it creates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly requires writing the user's exact words to persistent storage immediately for every task, but it does not include any guardrails for secrets, personal data, credentials, or regulated content. This creates a clear privacy and data-retention risk because sensitive information can be copied from ephemeral conversation context into durable files unnecessarily.

Missing User Warnings

Medium
Confidence: 93%
Finding
The reorientation flow instructs the agent to read back full thread content and then write a summary to files, but it does not warn against persisting sensitive conversational material. In practice, this can transfer private or confidential information from chat history into durable memory artifacts, broadening exposure and retention.

Ssd 3

Medium
Confidence: 97%
Finding
Persisting the user's exact words for every task is a direct data-retention hazard because user prompts may contain secrets, personal identifiers, access details, or other sensitive material. The skill's broader 'write immediately' and 'files are truth' framing makes this more dangerous by normalizing default persistence rather than minimization.

Ssd 3

Medium
Confidence: 94%
Finding
The instruction to read back full thread content and create persistent reorientation summaries can capture sensitive information that appeared anywhere in the conversation, even if it was only needed temporarily. Because the summary is then written to a file and treated as operational memory, sensitive data may be retained longer and exposed more broadly than intended.

VirusTotal

65/65 vendors flagged this skill as clean.