Back to skill
Skillv1.1.0
VirusTotal security
Memory Lifecycle · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 27, 2026, 8:21 PM
- Hash
- c2d4a840e2314ed6ede9e0c1eb8f0eb132187dc311606b737266e8aff9afbc9f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agent-memory-lifecycle Version: 1.1.0 The skill bundle implements an automated memory management system that uses shell commands (subprocess.run with shell=True) to interact with the OpenClaw CLI and manage cron jobs (setup.py, health_check.py). While the behavior is consistent with the stated purpose, it contains instructions in SKILL.md and monthly-prompt.md explicitly directing the agent to preserve sensitive data, including 'credentials' and 'phone numbers', in plain-text markdown files. The combination of automated cron-based execution and the intentional storage of secrets in the workspace creates a high-risk environment for data exposure and potential shell injection vulnerabilities.
- External report
- View on VirusTotal