ClawHub

Convert Memory Files Between Systems

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real memory-migration helper, but it can persistently change OpenClaw plugin configuration and write to a local memory database without enough safeguards.

Install only if you specifically need to migrate from memory-lancedb-pro to memos-local-openclaw-plugin. Before running the scripts, review and replace all paths, back up the OpenClaw config and memos database, test on copies first, and only remove the old plugin configuration after confirming the new memory import worked.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The script does not perform any memory export or conversion despite the skill claiming to migrate data between systems; it directly deletes the `memory-lancedb-pro` plugin configuration from the target JSON file. In a migration context this is dangerous because it can disable the source plugin and potentially sever access to existing memory data before export, causing service disruption and possible data loss during a sensitive system transition.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger includes broad phrases like any request involving migration between systems, configuration modification, or database import, which could cause the skill to activate for loosely related requests. Over-broad activation is dangerous here because the skill contains instructions for deleting plugin configuration and modifying a live local database, increasing the chance of unintended execution in the wrong context.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs deletion of configuration entries and direct insertion into a local SQLite database, but provides no mandatory backup, schema validation, rollback, or transactional safety guidance. In this context, the danger is elevated because the included code targets concrete filesystem and database paths and could corrupt configuration, duplicate records, or damage data integrity during migration.

Vague Triggers

Medium
Confidence
89% confidence
Finding
This eval defines a high-confidence trigger for broadly phrased migration assistance involving memory files and system switching, without clear scoping constraints or exclusions. In an agent skill, overly broad activation boundaries can cause the skill to trigger in unintended contexts and then guide file manipulation, config edits, or data migration actions on user-supplied paths, increasing the chance of unsafe or over-privileged behavior.

Vague Triggers

Medium
Confidence
87% confidence
Finding
This second high-confidence eval again uses generic migration language and lacks precise activation boundaries, making the skill eligible to trigger on common support requests that only loosely resemble the intended workflow. Because the skill involves configuration modification and data import/export steps, accidental activation could lead to inappropriate instructions for editing persistent config files or moving data between systems.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script overwrites the configuration file in place with no backup, validation, dry-run mode, or confirmation to the user. If the path is incorrect, the file structure differs, or the removal is unintended, the operation can silently break plugin loading and make recovery difficult.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal