evrmem

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local memory/RAG skill, but it stores saved content on disk and may install an external Python package and model.

Install only if you trust the evrmem Python package and model source. Approve any pip install or evrmem init step yourself, preferably in a virtual environment, and do not save secrets, credentials, regulated personal data, or untrusted instructions because stored memories can be retrieved and influence later answers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Memory Poisoning: Persistent Context Injection, Context Window Stuffing, Memory Manipulation
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger phrases are broad and overlap with ordinary conversational requests such as 'remember this information' or 'what do I know about X', which can cause the skill to activate when the user did not intend to use persistent memory tooling. In a memory skill, unintended invocation is particularly risky because it can lead to storage or retrieval of prior user data without clear consent boundaries.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly provides persistent local memory storage but does not prominently warn that user-provided content may be written to disk and retained across sessions. This creates a privacy and data-handling risk because users may disclose sensitive information assuming it is ephemeral, while the system stores it in a durable vector database and config-managed local path.

Persistent Context Injection

Medium
Category
Memory Poisoning
Content
Use this skill when the user asks to:
- "Search memories" or "Find related memories"
- "Save this to memory"
- "Remember this information"
- "Search my knowledge base"
- "Find past notes about X"
Confidence
88% confidence
Finding
Save this to memory

Session Persistence

Medium
Category
Rogue Agent
Content
## Configuration

Create `~/.evrmem/config.yaml`:

```yaml
vector_db:
```
Confidence
84% confidence
Finding
Create `~/.evrmem/config.yaml`: ```yaml vector_db: persist_directory: "~/.evrmem/data/qmd_memory" embedding: model_name: "shibing624/text2vec-base-chinese" device: "cpu" # or "cuda" cache_f

VirusTotal

65/65 vendors flagged this skill as clean.
