Auto Memory Manager

Security checks across malware telemetry and agentic risk

Overview

This skill performs automatic memory management as advertised, but it can process and persist full conversations broadly without review, redaction, or clear user control.

Install only if you are comfortable with completed conversations being automatically sent to your configured LLM, summarized, appended to MEMORY.md, and indexed for later retrieval. Avoid using it for sensitive, private, regulated, credential-bearing, or confidential work unless you add review, redaction, disable, and deletion controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Tp4

High
Category: MCP Tool Poisoning
Confidence: 94%
Finding:
The documented behavior says the skill runs at session end to summarize and store memory, but the finding indicates it also supports manual bulk processing, a daily cron job, and enumeration of recent closed sessions. That expands the collection scope from a single end-of-session action to retrospective and scheduled processing, which can capture more user data than expected and undermine informed consent and operator oversight.

Vague Triggers

Medium
Confidence: 89%
Finding:
An automatic trigger that runs broadly at session end without scope constraints can process conversations regardless of sensitivity, user role, or content type. In a memory-writing skill, this increases the chance that private or regulated data is persisted automatically without review.

Missing User Warnings

Medium
Confidence: 96%
Finding:
The skill description emphasizes convenience and automatic behavior but does not clearly warn that conversation-derived content will be persistently appended to MEMORY.md. Users may reasonably assume summarization is ephemeral, so the missing disclosure creates a privacy and data-governance risk when sensitive details are stored long term.

Missing User Warnings

Medium
Confidence: 96%
Finding:
The skill automatically persists LLM-derived summaries of conversations into MEMORY.md without any user notice, consent, or review step. This can retain sensitive or private information beyond the original session lifecycle and may surprise users who do not expect long-term storage of extracted preferences, facts, or entities.

Missing User Warnings

High
Confidence: 98%
Finding:
The full session conversation is sent to an LLM for extraction with no explicit disclosure or consent mechanism. If the conversation contains secrets, personal data, credentials, or proprietary content, this expands the exposure boundary to another processing component and can create significant privacy and compliance risk.

Ssd 3

Medium
Confidence: 93%
Finding:
The skill is designed to automatically derive memory from full session content and persist it to MEMORY.md, which can include secrets, personal data, credentials, internal URLs, or other sensitive context mentioned during conversation. Because storage is automatic and long-lived, accidental disclosure risk increases further once the content is also indexed for semantic retrieval.

Ssd 3

Medium
Confidence: 97%
Finding:
The extraction prompt explicitly asks the model to retain important facts, preferences, and entity information from entire conversations, but includes no instruction to exclude secrets, financial data, health data, credentials, or other sensitive content. In this skill's context, that increases the chance that private data will be summarized into durable memory and later resurfaced or indexed.

VirusTotal

67/67 vendors flagged this skill as clean.
