Image Prompt Memory

Security checks across malware telemetry and agentic risk

Overview

This skill is a local image-prompt library that saves prompts for reuse, with no evidence of hidden network access, credential use, or destructive behavior.

Install only if you are comfortable with successful prompt text and feedback being saved locally for later reuse. Avoid including secrets, customer data, or confidential business details in prompts unless you have a process to review or delete the local prompt_library.json file.

SkillSpector

By NVIDIA

Vulnerability Patterns

Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill states that prompts are automatically saved after the user is satisfied, but it does not clearly disclose that this creates persistent storage in `/root/.openclaw/workspace/data/prompt_library.json`. Prompt contents, feedback, and descriptions may contain sensitive or proprietary user data, so silent retention creates a privacy and data-governance risk even if the feature is intended for convenience.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal