memU-lite

Security checks across malware telemetry and agentic risk

Overview

This is a local memory skill with no network exfiltration found, but it encourages automatic long-term retention of conversation-derived user data and seeds user-profile-like memory without clear consent or sensitivity controls.

Install only if you explicitly want agents to maintain a persistent local memory folder. Before using it, remove or replace the seeded example profile entries, set clear rules for what may be remembered, avoid storing secrets or sensitive personal data, and periodically review or delete saved memories and backups.

SkillSpector
By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The README explicitly encourages storing user preferences, habits, project knowledge, and sharing a common memory directory across agents, but it does not warn about privacy, access control, retention, or sensitive-data handling. In a memory skill, this omission can lead users to persist personal or confidential information in plaintext and expose it more broadly than intended, especially in shared-agent setups.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The skill instructs automatic persistence of conversation-derived preferences, knowledge, and tasks without any consent, minimization, or sensitivity guidance. This creates a real privacy risk because agents may retain personal or confidential data across sessions in local files without the user understanding that retention is happening.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The installer silently writes multiple files into the user's home directory and seeds them with fabricated personal-profile data such as language, location, role, and preferences. Even though the content is labeled as example data, creating persistent 'user memory' without explicit preview or consent can mislead downstream agents, contaminate personalization state, and cause privacy or integrity issues in systems that treat this directory as authoritative memory.

Natural-Language Policy Violations

Severity: Medium
Confidence: 95%
Finding:
The seeded relationship record hard-codes identity attributes including '语言:简体中文' along with timezone and location, despite having no basis to assert them for the actual user. In a memory skill, this is more dangerous because other tools may later consume this file as trusted user context, leading to incorrect personalization, data integrity problems, or biased automated decisions.

Ssd 3

Severity: Medium
Confidence: 95%
Finding:
The workflow explicitly tells the agent to automatically extract and store user conversation details into persistent memory after chats. In the context of a memory skill, this makes the risk more concrete because the stated purpose is long-term retention across sessions, increasing the chance of collecting sensitive personal or project information that may later be disclosed or misused.

Ssd 3

Severity: Medium
Confidence: 93%
Finding:
The defined directory structure includes raw dialogue records and detailed atomic memory items, which semantically encourages broad retention of original conversations and extracted user data. Persistent raw logs materially raise exposure risk because they can contain secrets, identifiers, and context that is more sensitive than curated summaries.

VirusTotal

64/64 vendors flagged this skill as clean.
