ClawHub

Openclaw Memories

Security checks across malware telemetry and agentic risk

Overview

This memory skill appears purpose-built, but its Observer can send full conversation text and potentially the wrong environment API key to external LLM providers.

Review before installing. Use Observer only for conversations you are comfortable sending to the selected LLM provider, pass the correct provider-specific apiKey explicitly, avoid relying on environment fallback, and restrict Indexer use to memory directories you intentionally want searched.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README explicitly shows an Observer component sending conversation content to third-party LLM providers, but it does not clearly warn users that potentially sensitive chat data will leave the local system. In a memory skill, users may reasonably expect conversations to remain local, so the omission increases the risk of accidental disclosure of secrets, personal data, or proprietary information.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code concatenates full conversation content into a prompt and sends it to a third-party LLM provider, but this file contains no consent gate, redaction, minimization, or disclosure mechanism. In a memory skill, conversations can contain sensitive personal, confidential, or regulated data, so transmitting them externally creates a real privacy and data-governance risk.

Ssd 3

Medium
Confidence
96% confidence
Finding
The extraction prompt explicitly asks the model to retain biographical facts and opinions from the entire conversation with no limiting instruction for sensitivity, consent, or retention boundaries. Because this skill is specifically designed for memory formation, it increases the chance of persistent collection of sensitive personal data and inferred traits beyond user expectations.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal