
Security audit

record a dream

Security checks across malware telemetry and agentic risk

Overview

This is a local dream-journal skill that saves sensitive dream text on disk, but the behavior is disclosed, limited, and matches its purpose.

Install only if you are comfortable storing dream descriptions as readable local Markdown files under ~/.openclaw/memory/dreams/. Avoid recording details you would not want exposed through shared devices, backups, synced folders, or local compromise, and periodically delete entries you no longer want kept.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill performs file reads and writes to `~/.openclaw/memory/dreams/` and invokes helper scripts, but the manifest does not declare any corresponding permissions. Undeclared capabilities weaken review and policy enforcement because users and the platform cannot accurately assess what filesystem access the skill needs, increasing the chance of overreach or misuse of stored personal data such as private dream journals.

Missing User Warnings

Low
Confidence
93% confidence
Finding
The README states that dreams are saved under a local persistent path, but it does not clearly warn users before use that sensitive dream narratives will be retained on disk. Because dream content can include intimate personal, medical, or psychological details, silent persistence increases privacy risk, especially on shared devices or synced home directories.

VirusTotal

66/66 vendors flagged this skill as clean.
