龙虾知识体系管理

Security checks across malware telemetry and agentic risk

Overview

This is a documented Markdown-based memory system for agents, with privacy risks from local persistent notes but no evidence of hidden, destructive, or deceptive behavior.

Install this only if you want your agent to keep durable local Markdown memory about you, your preferences, and your work. Do not store passwords, API keys, regulated personal data, or confidential third-party information in these files, and periodically review or delete stale memory entries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Ssd 3

Severity: Medium
Confidence: 93%
Finding:
The skill explicitly instructs the agent to maintain USER profiles and daily raw logs, which creates persistent storage of potentially sensitive personal and conversational data. Even though it advises not to expose real identities in one place, the overall design normalizes broad retention without minimization, consent, retention limits, or access controls, increasing privacy leakage and cross-session data exposure risk.

Ssd 3

Severity: Medium
Confidence: 96%
Finding:
The workflow requires immediate recording of session/task details into persistent memory before task execution, which can cause unreviewed prompts, user inputs, and sensitive context to be written to disk automatically. This is dangerous because it bypasses any relevance, sensitivity, or consent check and can turn transient confidential data into durable artifacts that are easier to leak, misuse, or improperly reuse later.

Ssd 3

Severity: Medium
Confidence: 95%
Finding:
The heartbeat mechanism repeatedly consolidates daily memory into long-term memory, encouraging continuous retention and propagation of historical conversation content across time. In context, this makes the system more dangerous because the skill is a knowledge-management framework specifically designed to accumulate and rehydrate context, which amplifies privacy risk, stale-data reuse, and unintended disclosure across future tasks or agents.

VirusTotal

66/66 vendors flagged this skill as clean.