Memory Manager

Security checks across malware telemetry and agentic risk

Overview

This is a local memory helper that openly stores conversation logs and notes for later search, with privacy caveats but no evidence of hidden exfiltration or destructive behavior.

Install only if you want OpenClaw conversations and selected insights saved locally for later reuse. Avoid storing passwords, tokens, personal data, or regulated information, and periodically inspect or delete the memory directory and MEMORY.md if the data should not be retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 89%
Finding
The skill appears to use file read/write capabilities despite declaring no permissions, which breaks the expected trust boundary for agents and reviewers. For a memory-management skill, filesystem access may be functionally relevant, but omitting those permissions prevents informed consent and can enable unauthorized reading or modification of stored conversations or other local data.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 82%
Finding
The documented behavior does not match the detected capabilities: the skill claims semantic search but only provides keyword substring matching, and it exposes an undocumented CLI stats/reporting feature. Behavior mismatches are dangerous because operators may grant trust or deploy the skill under false assumptions, while hidden or undocumented interfaces can expose memory contents, metadata, or operational details in ways not reviewed for safety.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The function persists arbitrary conversation content and metadata to disk without consent prompts, retention controls, redaction, or access restrictions. In an agent context, conversations can contain secrets, tokens, personal data, or regulated information, so silent long-term storage increases the chance of privacy breaches and secondary compromise if the workspace is later accessed by other tools or users.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
Appending key insights to a persistent MEMORY.md file creates durable storage of potentially sensitive derived information without warning or approval. Summaries and insights can still contain credentials, internal strategy, personal data, or other sensitive context, and their long-lived nature makes accidental disclosure more damaging in an agent workspace.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding
The skill states that it 'automatically saves conversations during agent operation' but does not define scope, triggers, exclusions, or consent boundaries. In a memory-management skill, this ambiguity can cause sensitive prompts, credentials, or private user data to be logged unexpectedly, increasing the risk of unauthorized retention and later disclosure.

Missing User Warnings

Severity: High
Confidence: 95%
Finding
The feature list advertises automatic conversation logging and long-term storage without any visible warning that conversation contents will be persisted to disk. Users may reasonably assume ephemeral handling, so the omission can lead to silent storage of confidential business data, credentials, or personal information in local files that outlive the session.

Missing User Warnings

Severity: High
Confidence: 96%
Finding
Describing automatic archiving without privacy, retention, or sensitivity warnings is dangerous because it normalizes background collection of potentially sensitive conversations. Given the skill's purpose is long-term memory and semantic retrieval, stored data may become easier to rediscover and expose later, amplifying impact beyond a single session.

VirusTotal

63/63 vendors flagged this skill as clean.
