Security audit

Agent Memory

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed persistent-memory skill with privacy-relevant behavior, but the behavior is purpose-aligned and no artifact-backed malicious or deceptive actions were found.

Install only if you want a local agent memory system. Review where the SQLite database is stored, avoid saving secrets or sensitive personal data, periodically run cleanup or purge old memory, and verify any referenced implementation files before using them because this scanned artifact only included the documentation file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Session Persistence

Severity: Medium
Category: Rogue Agent
Content
- Authority Lanes (identity / preference / evidence / authorization / procedural)
- Rebound-Protection after idle phases (signalfoundry / Moltbook pattern)
- Class-specific TTL and forget_stale()
- Finer source trust: five sources with per-lane write policy (`tool`/`external` quarantined to `evidence`; `identity`/`authorization` protected)
- Raw recall snippets kept separate from semantic facts
- Auto-injection plugin with per-lane budgets and German-aware, score-ranked query retrieval (token-prefix FTS + synonyms, deterministic, no embeddings)
- Conflict detection on single-valued lanes (`identity`, `authorization`) with explicit resolution; open conflicts auto-reconcile when a referenced fact becomes inactive
Confidence: 74%
Finding
write policy (`tool`/`external` quarantined to `evidence`; `identity`/`authorization` protected) - Raw recall snippets kept separate from semantic facts - Auto-injection plugin with per-lane budgets a

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.