rick-memory-setup

Security checks across malware telemetry and agentic risk

Overview

The skill mainly installs a local memory system, but its templates also give the agent persistent authority to store sensitive context, prune memory, monitor accounts, and push code without clear user approval.

Review AGENTS.md and HEARTBEAT.md before installing. Remove or narrow the BOOTSTRAP deletion rule, plaintext API-key guidance, proactive email/calendar/social checks, and any commit/push authority unless you explicitly want them. Keep secrets out of MEMORY.md, TOOLS.md, USER.md, and daily memory files, and periodically inspect what the skill has retained or rewritten.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence: 95%
Finding
The instruction to delete `BOOTSTRAP.md` after reading it encourages irreversible modification of workspace state without user confirmation or auditability. Even if intended as cleanup, it can destroy provenance, setup instructions, or forensic evidence and normalizes destructive behavior on first run.

Missing User Warnings

Medium
Confidence: 95%
Finding
The heartbeat instructions explicitly direct automatic updates, cleanup, and deletion of memory content, including removing outdated information and archiving tasks, without any user consent, confirmation gate, backup requirement, or warning about destructive effects. In an agent context, autonomous modification of long-term memory can cause silent data loss, integrity issues, and persistence of incorrect summaries that affect future behavior.

Ssd 3

Medium
Confidence: 90%
Finding
This section establishes persistent cross-session logging of user context, decisions, and memories into plain files. That creates a durable data-retention surface that can later be exposed to other sessions, tools, collaborators, or accidental disclosure if access controls are weak.

Ssd 3

High
Confidence: 98%
Finding
The policy explicitly instructs the agent to immediately write stable preferences, project decisions, lessons, and environment configuration such as API keys into persistent files. This is dangerous because it operationalizes storage of sensitive information in plain text, increasing the risk of credential leakage, later exfiltration, unintended sharing, and privilege compromise.

VirusTotal

VirusTotal findings are pending for this skill version.