中文记忆优化 (Chinese Memory Optimizer)

Security checks across malware telemetry and agentic risk

Overview

This is a coherent OpenClaw memory optimizer, but it can persistently change memory behavior and rewrite, compress, archive, or delete memory files without strong scoping or approval guidance.

Install only if you intentionally want this skill to modify your OpenClaw memory system. Run diagnosis first, back up ~/.openclaw, use dry-run modes for tagging and compression, review exact paths and config changes before applying them, and avoid cron maintenance unless you have backups, logs, and a rollback plan.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (5)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 88% confidence
Finding: The skill instructs execution of scripts that read and modify memory files, but it declares no permissions or safety boundaries. This creates a transparency and consent problem: an agent or user may invoke file-writing behavior without clear prior disclosure, increasing the risk of unintended data modification in a memory store.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 96% confidence
Finding: The skill's stated purpose is optimization and diagnosis, but its documented behavior includes bulk file rewrites, archival, and referenced cleanup/deletion behavior that materially changes user data. A description-behavior mismatch is dangerous because users may authorize a tuning task while the skill performs destructive or persistent modifications outside what they reasonably expect.

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The activation condition 'when the user requests diagnosis or optimization of the memory system' is broad enough to trigger on many loosely related requests. In a skill that can modify files and indexes, vague activation increases the chance of overreach, causing maintenance or rewrite operations to run when the user intended only analysis or advice.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill describes bulk tagging, compression, archival, and index rebuild actions but does not prominently warn that these steps alter stored data. Without explicit warnings, users may not realize that logs will be rewritten, archived, or potentially removed, which can lead to data loss, integrity issues, or irreversible changes to memory content.

Ssd 3

Medium

Confidence: 90% confidence
Finding: The memoryFlush prompt directs the system to continuously summarize conversations into structured logs for long-term retention, including generated tags and categorized content. This creates semantic data leakage and privacy risk because sensitive user information may be persistently stored, made more searchable, and retained beyond the user's immediate intent.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal