Back to skill

Security audit

Aura for OpenClaw

Security checks across malware telemetry and agentic risk

Overview

This skill is a local document indexing and persistent memory tool whose sensitive behavior is disclosed and aligned with its purpose.

Install only if you want your agent to index local files and keep local memories across sessions. Avoid storing secrets, credentials, regulated data, or private personal information, and confirm exact folders before using broad commands like 'learn everything'.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The README presents highly permissive natural-language commands such as 'Learn everything' and 'Remember that' without documenting confirmation steps, scope restrictions, or safeguards around what paths and content may be ingested or persisted. In an agent setting, broad triggers can cause over-collection of data, accidental indexing of sensitive files, or persistence of information the user did not intend to store, especially because the skill emphasizes durable cross-session memory.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill markets persistent memory for preferences, conversation history, and learned facts, but it does not warn users against storing secrets, regulated data, or other sensitive personal information in long-lived storage. Because the feature is specifically designed to survive sessions and support recall, missing privacy guidance materially increases the chance of accidental retention and later exposure of sensitive data.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger guidance is broad enough that common user phrases like "learn," "compile," "index," or especially "remember" can cause the agent to invoke file-compilation or memory-writing behaviors without sufficiently explicit user confirmation. In this skill's context, that can lead to unintended ingestion of local directories or persistence of sensitive conversational content into long-lived memory, even though processing is claimed to remain local.

Vague Triggers

Medium
Confidence
97% confidence
Finding
The autonomous invocation statement leaves the decision boundary to the agent, saying it decides when to compile documents and manage memory based on user requests, but without defining strict constraints or consent requirements. That ambiguity increases the chance of the agent performing sensitive local actions—such as indexing large directories or storing private data in persistent memory—when user intent is unclear or only loosely related.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The --memory mode prints raw memory content, source, namespace, and timestamp directly to stdout with no authorization check, sensitivity filtering, or warning. In an agent setting, memory may contain secrets, personal data, prompts, or internal context, so a user who can invoke this script may retrieve information beyond what should be disclosed.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.