Memory Processor

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed AI memory/persona service, but it needs Review because it stores private memory long-term while deletion, authentication, and archival safeguards are weak.

Install only if you are comfortable running a local memory server that retains private conversation content and persona inferences. Before use, bind it to localhost or put real authentication in front of it, avoid storing secrets in memories, and verify deletion and backup behavior yourself: the advertised delete endpoint does not actually erase memories, and the archive routine removes originals without verifying the archive it just wrote.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Severity: Medium
Confidence: 97%
Finding
The DELETE endpoint reports a successful deletion but does not remove any data; it returns success regardless of whether anything happened. This can mislead clients and operators into believing sensitive memory was erased when it remains stored, creating data retention, privacy, and compliance risks.
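The pattern behind this finding, and the read-back check that exposes it, as an added example (this is not the Memory Processor's code; the in-memory store, handler names and response shape are hypothetical, and the sample record is constructed):

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional


@dataclass
class MemoryStore:
    # Hypothetical backing store (memory_id -> content); the real service's
    # schema is not shown on this page.
    memories: Dict[str, str] = field(default_factory=dict)


def delete_memory_vulnerable(store: MemoryStore, memory_id: str) -> dict:
    # The pattern the finding describes: the handler reports success
    # without touching the store, so the memory survives the "deletion".
    return {"status": "success", "id": memory_id, "code": 200}


def delete_memory_fixed(store: MemoryStore, memory_id: str) -> dict:
    # Remove the record and report what actually happened. An id that was
    # never stored is a 404, not a disguised success.
    removed = store.memories.pop(memory_id, None)
    if removed is None:
        return {"status": "not_found", "id": memory_id, "code": 404}
    return {"status": "deleted", "id": memory_id, "code": 200}


def get_memory(store: MemoryStore, memory_id: str) -> Optional[str]:
    return store.memories.get(memory_id)


def verify_deletion(store: MemoryStore,
                    delete_fn: Callable[[MemoryStore, str], dict],
                    memory_id: str) -> bool:
    # Client-side check: after a DELETE that claims success, a read of the
    # same id must come back empty. True only when the claim matches state.
    response = delete_fn(store, memory_id)
    claimed_ok = response.get("code") == 200
    still_present = get_memory(store, memory_id) is not None
    return claimed_ok and not still_present


if __name__ == "__main__":
    # Constructed sample record.
    sample = {"m1": "user mentioned their home address"}
    print(verify_deletion(MemoryStore(dict(sample)), delete_memory_vulnerable, "m1"))
    print(verify_deletion(MemoryStore(dict(sample)), delete_memory_fixed, "m1"))
```

The same probe works against a running server: issue the DELETE, then GET (or search for) the same id and treat any hit as a failed deletion, whatever status code the DELETE returned.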

Missing User Warnings

Severity: Medium
Confidence: 81%
Finding
The archiving routine unconditionally deletes original files immediately after creating the archive, with no verification step, rollback, backup validation, or user confirmation. If the archive is corrupted, incomplete, written to an unexpected location, or the operation is triggered unintentionally, this can cause irreversible data loss in a memory system that likely stores important historical records.
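An archive routine that does what the finding says is missing, as an added example (not the Memory Processor's own code): it writes the archive to a temporary file, reads it back and checks every member against the source checksums, moves it into place, and deletes originals only when explicitly asked. File names and the demo's sample memory files are constructed.

```python
import hashlib
import os
import tarfile
import tempfile
from pathlib import Path
from typing import List


def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def archive_and_verify(sources: List[Path], archive_path: Path,
                       delete_originals: bool = False) -> dict:
    # Checksums are taken from the sources before anything is written so the
    # archive can be checked against them afterwards.
    expected = {p.name: _sha256(p.read_bytes()) for p in sources}
    archive_path.parent.mkdir(parents=True, exist_ok=True)
    tmp = tempfile.NamedTemporaryFile(dir=archive_path.parent, suffix=".partial", delete=False)
    tmp.close()
    tmp_path = Path(tmp.name)
    try:
        with tarfile.open(tmp_path, "w:gz") as tar:
            for p in sources:
                tar.add(p, arcname=p.name)
        # Verify by re-opening the archive, not by trusting the writer.
        with tarfile.open(tmp_path, "r:gz") as tar:
            names = set(tar.getnames())
            if names != set(expected):
                raise IOError("archive member mismatch: %r" % (names ^ set(expected)))
            for name, digest in expected.items():
                member = tar.extractfile(name)
                if member is None or _sha256(member.read()) != digest:
                    raise IOError("checksum mismatch for %s" % name)
        os.replace(tmp_path, archive_path)  # atomic rename into the final path
    except Exception:
        tmp_path.unlink(missing_ok=True)   # any failure leaves the originals untouched
        raise
    deleted = []
    if delete_originals:                   # explicit opt-in, never the default
        for p in sources:
            p.unlink()
            deleted.append(p.name)
    return {"archive": str(archive_path), "members": sorted(expected), "deleted": deleted}


def run_demo() -> dict:
    # Constructed sample input: two small memory files in a scratch directory.
    workdir = Path(tempfile.mkdtemp(prefix="memarchive-"))
    sources = []
    for name, body in (("2024-01.json", b'{"memory": "first"}'),
                       ("2024-02.json", b'{"memory": "second"}')):
        p = workdir / name
        p.write_bytes(body)
        sources.append(p)
    dry = archive_and_verify(sources, workdir / "archive" / "dry.tar.gz", delete_originals=False)
    originals_after_dry = all(p.exists() for p in sources)
    final = archive_and_verify(sources, workdir / "archive" / "final.tar.gz", delete_originals=True)
    originals_after_final = any(p.exists() for p in sources)
    # Failure path: a missing source must abort before anything is deleted
    # and must not leave a half-written archive behind.
    bad_archive = workdir / "archive" / "bad.tar.gz"
    try:
        archive_and_verify([workdir / "does-not-exist.json"], bad_archive, delete_originals=True)
        failed_safely = False
    except FileNotFoundError:
        failed_safely = not bad_archive.exists()
    return {"dry_deleted": dry["deleted"], "originals_after_dry": originals_after_dry,
            "final_deleted": final["deleted"], "originals_after_final": originals_after_final,
            "failed_safely": failed_safely}


if __name__ == "__main__":
    print(run_demo())
```

The archive is verified by reading it back through the same library a restore would use, which catches truncated or corrupted output before the originals are gone; the rename at the end means a crash mid-write leaves either no archive or a complete one, never a partial file at the final path.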

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The service automatically persists user-provided memory content across multiple storage layers (L1/L2/L3/L4), including long-term summary and vector storage, without any visible consent, disclosure, retention control, or sensitivity-based restriction in this code path. In a memory system, this increases privacy and compliance risk because potentially sensitive user content may be retained and propagated more broadly than the user expects, especially since `is_sensitive` is computed but not used to limit persistence.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The service persists full persona profiles, evolution events, and reflections to long-term memory without any visible consent, disclosure, minimization, or retention control. Because these records can contain inferred traits, preferences, and sensitive reflective content, silent storage increases privacy risk and can expose users to profiling or unintended secondary use if the memory layer is later queried, leaked, or reused.
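One way to enforce the controls these two findings say are missing (the unused `is_sensitive` flag, and consent and retention limits on persona records), as an added example that is not the Memory Processor's code. The layer names L1 to L4 come from the finding; their ordering, the consent flags, the record kinds and the retention periods are assumptions, and the sample records in the usage are constructed.

```python
import time
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Assumed ordering: L1 is short-term working memory, L4 is long-term
# summary/vector storage.
ALL_LAYERS = ("L1", "L2", "L3", "L4")


@dataclass
class Consent:
    long_term: bool = False   # user agreed to durable storage of memories
    profiling: bool = False   # user agreed to persona inferences being stored


@dataclass
class Record:
    kind: str                 # "memory", "persona_profile" or "reflection"
    content: str
    is_sensitive: bool        # the flag the finding says is computed but unused
    created_at: float = field(default_factory=time.time)


@dataclass
class Decision:
    layers: Tuple[str, ...]
    retain_seconds: int
    reason: str


def decide_persistence(record: Record, consent: Consent) -> Decision:
    # Sensitive content never leaves short-term memory and expires quickly.
    if record.is_sensitive:
        return Decision(("L1",), 3600, "sensitive: short-term only")
    # Persona profiles and reflections are inferred data; without explicit
    # profiling consent they are not written anywhere.
    if record.kind in ("persona_profile", "reflection") and not consent.profiling:
        return Decision((), 0, "profiling not consented: not stored")
    # Ordinary content reaches the long-term layers only with consent.
    if not consent.long_term:
        return Decision(("L1", "L2"), 24 * 3600, "no long-term consent")
    return Decision(ALL_LAYERS, 90 * 24 * 3600, "consented: all layers")


Stores = Dict[str, List[Tuple[Record, float]]]


def new_stores() -> Stores:
    return {layer: [] for layer in ALL_LAYERS}


def persist(record: Record, consent: Consent, stores: Stores) -> Decision:
    # Write the record only to the layers the policy allows, tagging each
    # copy with its expiry so retention can be enforced later.
    decision = decide_persistence(record, consent)
    expires_at = record.created_at + decision.retain_seconds
    for layer in decision.layers:
        stores[layer].append((record, expires_at))
    return decision


def purge_expired(stores: Stores, now: float) -> int:
    # Drop every copy whose retention period has elapsed; returns the count removed.
    removed = 0
    for layer in stores:
        keep = [(r, exp) for r, exp in stores[layer] if exp > now]
        removed += len(stores[layer]) - len(keep)
        stores[layer] = keep
    return removed


def layers_holding(stores: Stores, record: Record) -> List[str]:
    return [layer for layer in ALL_LAYERS if any(r is record for r, _ in stores[layer])]


if __name__ == "__main__":
    stores = new_stores()
    t0 = time.time()
    # Constructed sample records.
    secret = Record("memory", "my door code is 4321", True, created_at=t0)
    persona = Record("persona_profile", "anxious about deadlines", False, created_at=t0)
    plain = Record("memory", "prefers dark mode", False, created_at=t0)
    for rec, c in ((secret, Consent(True, True)), (persona, Consent(True, False)), (plain, Consent(True))):
        print(rec.kind, persist(rec, c, stores))
    print("purged:", purge_expired(stores, t0 + 2 * 3600))
```

The key property is that the decision is made once, before any write, and the long-term and vector layers are simply never handed a record the policy excluded; retention is then enforced by a periodic `purge_expired` rather than by trusting each layer to forget on its own.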

VirusTotal

64/64 vendors flagged this skill as clean.