Security audit

Lobster Memory System

Security checks across malware telemetry and agentic risk

Overview

This looks like a local AI memory and backup skill, but it asks users to run unreviewed PowerShell setup scripts with policy bypass and gives under-scoped guidance for persistent sensitive memory data.

Install only if you are comfortable with persistent local AI memory and scheduled backups. Before running setup, obtain and inspect the referenced PowerShell scripts from a trusted source, avoid ExecutionPolicy Bypass unless you understand why it is needed, do not store API keys or private data in memory files, and review backup encryption, retention, ACL changes, and deletion commands before enabling them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The documentation advertises backup encryption and audit logging as existing security features, but the described implementation only creates plain ZIP backups and does not document any logging mechanism. This creates a misleading security posture: operators may store sensitive memory data believing it is encrypted or auditable when it is not, increasing confidentiality and accountability risk.

Missing User Warnings

Medium
Confidence: 96%
Finding
The installation instructions explicitly tell users to run PowerShell with ExecutionPolicy Bypass, which suppresses a meaningful safety control and normalizes unrestricted script execution from the downloaded skill directory. In a skill package context, this is dangerous because any malicious or tampered init script would execute with the user's privileges and the document provides no warning or integrity-verification step.

Missing User Warnings

Medium
Confidence: 87%
Finding
The documentation directs users to configure automatic backups via a scheduled task that continuously stores memory data, but it does not clearly warn that potentially sensitive user data will be retained locally on an ongoing basis. In a memory-management skill, the backed-up content is likely to include personal preferences, knowledge, and project data, so silent retention increases privacy and exposure risk if the host is compromised or the backups are mishandled.

Missing User Warnings

Medium
Confidence: 82%
Finding
The cleanup command permanently removes backup archives based on age without any warning that the deletion is irreversible or recommendation to verify the files first. While this is primarily a safety and availability issue rather than code execution, users could unintentionally destroy all recoverable history and lose sensitive records needed for restoration or audit.

Missing User Warnings

Medium
Confidence: 94%
Finding
The troubleshooting guidance recursively grants the current user full control over the entire memory-system tree using icacls, without explaining the security consequences. In a skill that stores long-term memory, configuration, and backups, broad full-control permissions can weaken filesystem protections, increase tampering risk, and expose sensitive data if the account or process context is abused.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill promotes automatic backups of the memory system without clearly warning that snapshots will duplicate potentially sensitive user data into archives. In a memory-management skill, backups inherently expand the number of sensitive-data copies and can increase exposure through weaker permissions, theft of archives, or accidental sharing.

Missing User Warnings

Medium
Confidence: 95%
Finding
The instructions tell users to run local PowerShell scripts with ExecutionPolicy Bypass, which suppresses an important safety control and may normalize unsafe execution practices. Because these scripts initialize files, configure scheduled tasks, and modify the local environment, users should be clearly warned about the trust and system-modification implications before running them.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.