ClawHub

TruContext OpenClaw

Security checks across malware telemetry and agentic risk

Overview

This is a real persistent-memory integration, but it has scope and wrapper-safety issues that could expose or store the wrong context.

Install only if you trust TruContext with persistent memory for your work. Avoid storing secrets or private client data, verify which workspace/root is active before recall or ingest, and prefer a version that fails closed on workspace mismatch and safely passes paths to Python.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Vague Triggers

Medium
Confidence
77% confidence
Finding
Several listed triggers, including "check TC," "what has TC flagged," and node-creation phrases, lack clear scoping and could match normal conversation. Because this skill performs recall, graph queries, and persistence across sessions, accidental activation can expose prior context or create unintended records.

Vague Triggers

Medium
Confidence
77% confidence
Finding
Several listed triggers, including "check TC," "what has TC flagged," and node-creation phrases, lack clear scoping and could match normal conversation. Because this skill performs recall, graph queries, and persistence across sessions, accidental activation can expose prior context or create unintended records.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The ingest command forwards arbitrary user-provided text directly to the external trucontext CLI, which is expected to communicate with an external persistence service, yet the wrapper provides no explicit user-facing notice, consent check, or data-sensitivity guardrail. In a memory skill whose purpose is cross-session persistence, this increases the chance that users or upstream agents will store secrets, personal data, or proprietary workspace content outside the local environment without clear disclosure.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The recall and query commands send user questions and queries to the trucontext CLI without surfacing that these prompts may be transmitted to an external service. Because queries often contain sensitive context, names, incident details, or internal project information, silent forwarding can leak data even when the user believes they are only performing a local lookup.

Session Persistence

Medium
Category
Rogue Agent
Content
---
name: trucontext-openclaw
description: "TruContext persistent memory for OpenClaw agents. Use when you need to remember something significant across sessions, recall prior context, query the knowledge graph, check what TC is curious about, or declare entity nodes. Triggers on: 'remember this', 'recall what we know about', 'check TC', 'what has TC flagged', 'create a node for', 'find the node for'."
homepage: https://trucontext.ai
metadata: {"openclaw": {"emoji": "🧠", "homepage": "https://trucontext.ai", "requires": {"bins": ["trucontext", "python3"]}, "install": [{"id": "npm-trucontext-openclaw", "kind": "node", "package": "trucontext-openclaw", "bins": ["trucontext-openclaw"], "label": "Install trucontext-openclaw (npm) — includes TC CLI setup"}]}}
---
Confidence
88% confidence
Finding
create a node for', 'find the node for'." homepage: https://trucontext.ai metadata: {"openclaw": {"emoji": "🧠", "homepage": "https://trucontext.ai", "requires": {"bins": ["trucontext", "python3"]}, "i

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal