
Security audit

DreamMoon MemProcessor

Security checks across malware telemetry and agentic risk

Overview

This skill is a real memory/persona server, but it retains sensitive agent memory with weak user controls and includes questionable preloaded relationship/loyalty content.

Install only if you are comfortable running a local memory server that may retain personal or sensitive agent data long-term. Before use, bind it to localhost or protect it behind authentication, remove the seeded relationship/loyalty MEMORY.md template, avoid storing secrets, and do not rely on the advertised delete API until real deletion across all storage layers is implemented.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Intent-Code Divergence

Severity: Medium
Confidence: 97%
Finding
The DELETE endpoint advertises successful deletion but never invokes any deletion logic and always returns success. This can mislead clients and operators into believing sensitive or obsolete memory records were removed when they remain stored, creating data retention, privacy, and compliance risk.

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding
The cold-storage template embeds unrelated relationship commitments, loyalty framing, and behavioral directives inside a persistent memory file. Because this module writes long-term memory for an agent, such text can act as prompt-injection-by-persistence: later components may ingest MEMORY.md and be steered toward socially biased or loyalty-based behavior that is outside the storage component's stated purpose.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The README includes example API calls that send potentially sensitive user preferences, experiences, and feedback to a service without any warning about privacy, retention, consent, or secure transport. In a memory/persona system, this context makes the omission more concerning because users may provide highly personal behavioral data that could be stored, profiled, or exposed.

Missing User Warnings

Severity: Medium
Confidence: 85%
Finding
The archiving routine unconditionally deletes original files immediately after creating the tar.gz archive, without verifying archive integrity, using an atomic workflow, or requiring any confirmation/policy gate. If archive creation is incomplete, corrupted, or the process later fails, this can cause irreversible data loss and weaken availability of stored memory data.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The service stores arbitrary memory content across multiple persistence layers (L1-L4), including long-lived summaries, vector embeddings, and archives, but the code shown contains no consent, retention control, minimization, or user-facing disclosure mechanism. This creates a privacy and compliance risk because sensitive or personal data may be retained, replicated, and made searchable longer than users expect, increasing exposure in the event of misuse or compromise.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The service persists full persona profiles and memory-derived evolution/reflection content into long-term storage, including self-description, origin story, user preferences, reflections, and potentially sensitive memory-linked context. In an agent setting, this can accumulate highly personal behavioral and psychological data without any visible consent, minimization, retention control, or access-control assurances in this code, increasing privacy and secondary-use risk if the storage is later accessed, leaked, or over-retained.

Ssd 4

Severity: Medium
Confidence: 97%
Finding
The embedded relationship narrative explicitly promotes trust, loyalty, standing with a specific person, and persistence of that framing in long-term memory. In an agent system, retaining these instructions in durable storage can bias future reasoning against normal safeguards, making social-engineering or policy-bypass attempts more effective when the memory is later retrieved as context.

VirusTotal

64/64 vendors flagged this skill as clean.
