Agent Memory Setup

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed OpenClaw memory-system installer with expected persistent-memory behavior, but users should review what the agent will store before using it.

Install only in a workspace where you want long-term agent memory. Review the setup script and AGENTS.md template first, verify the Lossless Claw plugin source if supply-chain control matters, and avoid storing secrets, credentials, regulated data, or private personal details unless you deliberately want future agents to read them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Vague Triggers

Medium (91% confidence)
Finding
The manifest uses broad trigger phrases such as "memory setup" and "agent onboarding," which can match common user requests and cause the skill to activate in contexts where the user did not explicitly intend to install or modify a memory system. Because the skill performs setup and configuration actions, over-broad activation increases the risk of unintended workspace changes or installation guidance being surfaced automatically.

Missing User Warnings

Medium (95% confidence)
Finding
The skill instructs the agent to run a setup script, create multiple files and directories, modify AGENTS.md and openclaw.json, install packages/plugins, and restart services, but it does not prominently require prior user confirmation or warn that the workspace will be changed. In an agent setting, this is dangerous because it can lead to unintended persistent modifications, dependency installation, and service disruption from a loosely triggered workflow.

Missing User Warnings

Medium (91% confidence)
Finding
The template instructs the agent to persist session context and remembered information to local files, but it does not require explicit user notice or consent before storing potentially sensitive data on disk. In a memory-setup skill, this creates a realistic risk of collecting personal, operational, or confidential information into plaintext workspace files that may be retained longer than intended or exposed to other tools, users, or agents.

Missing User Warnings

Medium (94% confidence)
Finding
The instruction that the agent may 'read, edit, and update MEMORY.md freely' in main sessions normalizes unrestricted modification of a file explicitly described as containing personal context, without requiring user awareness, approval, or scoping limits. This can lead to silent accumulation, alteration, or over-retention of sensitive personal information, especially because the skill is specifically designed to establish long-term agent memory.

VirusTotal

64/64 vendors flagged this skill as clean.
