M2Wise

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate memory skill, but it encourages agents to proactively store personal conversation details without clear consent, retention, or sensitivity controls.

Install only if you want persistent agent memory. If you do: set explicit rules that the agent must ask before saving personal data and must never store passwords, API keys, tokens, or regulated data; review the external m2wise package before installation; use scoped provider keys; keep the MCP server local and access-controlled; and periodically review or delete stored memories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The example explicitly demonstrates storing highly sensitive plaintext data (a password) in long-term memory and then searching it, without any warning, redaction guidance, or safe-handling controls. In a memory skill, this is especially risky because users or developers may copy the pattern directly, normalizing retention of secrets and increasing the chance of credential exposure through search, logs, prompts, backups, or downstream integrations.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill explicitly instructs the agent to extract and persist user preferences, personal facts, and commitments across sessions, but provides no consent flow, privacy notice, retention limits, or sensitivity filtering. In a memory skill, this context makes the issue more dangerous because the entire purpose is long-term storage of potentially sensitive conversational data, increasing privacy, compliance, and secondary-use risk.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The invocation guidance is overly broad because it tells the agent to proactively use the skill whenever a user shares a preference or personal fact, rather than limiting storage to explicit memory requests or clearly beneficial cases. In this skill's context, broad triggers will predictably cause over-collection and normalization of silent retention, which can violate user expectations and capture sensitive information incidentally.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation explicitly states that conversation-derived memories are persisted and stored with embeddings, but it provides no user-facing notice, consent model, retention limits, or deletion/privacy safeguards. In a long-term memory skill, silently retaining personal preferences, facts, and commitments increases privacy risk because users may disclose sensitive personal data that is then stored indefinitely or reused beyond their expectations.

Ssd 3

Medium
Confidence
96% confidence
Finding
These instructions direct the agent to proactively store conversation-derived facts, preferences, and commitments in long-term memory, creating a direct data retention and possible leakage pathway. Because the skill is specifically designed for persistence across sessions, misuse or compromise could expose personal data beyond the original conversation context and make inadvertent profiling more likely.

Ssd 3

Medium
Confidence
98% confidence
Finding
The example code stores the user's message content directly via sdk.add_message, encouraging raw conversational data to be written to persistent memory instead of extracting minimal structured fields. This is dangerous because full-message storage can include sensitive, unrelated, or regulated data and increases the blast radius of any unauthorized access or unintended reuse.

Ssd 3

Medium
Confidence
97% confidence
Finding
The best-practices section tells the agent to save strong user preferences even when the user did not ask for retention, which normalizes covert persistence of personal data. In a memory-engine skill, this materially increases privacy risk because it encourages silent profile building and long-lived storage based on conversational inference rather than informed consent.

VirusTotal

65/65 vendors flagged this skill as clean.
