Aister vector-memory

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local vector-memory search skill, with real privacy and setup risks that are expected for its purpose rather than hidden or malicious.

Install only if you want your OpenClaw memory files indexed into a PostgreSQL database for semantic recall. Keep the embedding service on localhost or another trusted endpoint, do not index secrets or credentials, prefer the Docker setup, use a dedicated database user with minimal rights, and add the bashrc autostart only if you want the service to run automatically after login.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Tainted flow: 'EMBEDDING_SERVICE_URL' from os.environ.get (line 20, credential/environment) → requests.post (network output)

Severity: Critical
Category: Data Flow
Content:
def get_embeddings(texts: list) -> Optional[list]:
    """Get embeddings from the embedding service."""
    try:
        response = requests.post(
            f"{EMBEDDING_SERVICE_URL}/embed",
            json={"texts": texts, "prefix": "passage: "},
            timeout=120
Confidence: 93%
Finding: response = requests.post(f"{EMBEDDING_SERVICE_URL}/embed", json={"texts": texts, "prefix": "passage: "}, timeout=120)

Tainted flow: 'EMBEDDING_SERVICE_URL' from os.environ.get (line 18, credential/environment) → requests.post (network output)

Severity: Critical
Category: Data Flow
Content:
def get_embedding(text: str) -> Optional[list]:
    """Get embedding from the embedding service."""
    try:
        response = requests.post(
            f"{EMBEDDING_SERVICE_URL}/embed_query",
            json={"query": text},
            timeout=30
Confidence: 87%
Finding: response = requests.post(f"{EMBEDDING_SERVICE_URL}/embed_query", json={"query": text}, timeout=30)

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The script transmits the contents of MEMORY.md, IDENTITY.md, and USER.md to an embedding service but provides no explicit warning, consent flow, or data-classification check before doing so. Because these files can contain sensitive personal, identity, or operational context, silent transmission increases privacy and compliance risk even if the service is intended to be local.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
User search queries are sent to a separate embedding service without any explicit consent, warning, or documented privacy boundary in the interface. In a memory-search skill, queries may contain sensitive prompts, secrets, or personal data, so silent transmission increases privacy and compliance risk.

VirusTotal

66/66 vendors flagged this skill as clean.
