MemClawz Connect

Security checks across malware telemetry and agentic risk

Overview

This skill openly provides shared agent memory, but it encourages broad automatic reads and writes to a shared HTTP store without enough consent, privacy, authentication, or retention boundaries.

Install only if you deliberately want agents to share persistent memory. Keep it on localhost or a trusted private network unless you add HTTPS, authentication, and access controls. Do not let agents store secrets, credentials, personal data, customer data, private prompts, security findings, or proprietary project details unless the user explicitly approves the exact entry.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The trigger list includes broad natural-language phrases such as 'shared memory', 'search memory', and 'remember this across sessions', which are likely to appear in ordinary user requests. This can cause the skill to activate unintentionally and route agent behavior into a memory-sharing workflow without deliberate user consent or clear task scoping.

Missing User Warnings

Severity: High
Confidence: 96%
Finding
The skill instructs agents to write task-derived content to a shared HTTP memory service after completing work, but it provides no user-facing disclosure, consent mechanism, or data-retention warning. In practice, this can exfiltrate sensitive prompts, outputs, operational details, or user data into a shared store accessible across agents and sessions.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The setup promotes remote HTTP endpoints and optional API-key use without warning about unencrypted transport, secret exposure, or secure credential handling. If used as written over a network, memory contents and credentials can be intercepted or misused, especially because the examples normalize insecure defaults.

Ssd 3

Severity: Medium
Confidence: 94%
Finding
The skill description explicitly advertises long-term, cross-session, cross-agent memory without defining content restrictions or sensitivity boundaries. Because agents are encouraged to persist discovered facts and recall prior context broadly, user-provided sensitive information may be retained and shared far beyond the original interaction context.

Ssd 3

Severity: Medium
Confidence: 97%
Finding
The instruction to 'write back' after completing work creates a broad default expectation that task outcomes should be logged to shared memory. This is dangerous because many task results naturally contain confidential business context, user content, internal architecture details, or security-relevant information that should not be replicated into a shared system.

Ssd 3

Severity: Medium
Confidence: 95%
Finding
The AGENTS.md integration embeds the same expectation that agents should write significant work results to shared memory, normalizing persistent cross-agent sharing as a standard operating pattern. Because this guidance is designed for propagation into agent instructions, it increases the likelihood of repeated, large-scale leakage of sensitive task content across sessions and deployments.

VirusTotal

66/66 vendors reported this skill as clean.