ClawHub

Huahua Dream

Security checks across malware telemetry and agentic risk

Overview

The skill is not clearly malicious, but it needs review because it can automatically read past conversation logs and persist inferred user memories and relationship notes.

Install only if you are comfortable with scheduled processing of past conversation logs and long-term memory edits. Before enabling cron or auto-approval, review the generated sessionsPath, keep automatic writes disabled for a trial run, and ensure you can inspect, roll back, and delete stored memories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The setup script walks upward through parent directories to locate `.openclaw/agents/*/sessions` and persists the discovered session path and agent ID into a config file. This exceeds narrowly scoped setup behavior and can expose conversation history locations from outside the intended workspace, enabling later components to access sensitive agent session logs without explicit, granular consent.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README explicitly describes scanning conversation logs and memory files, which are likely to contain sensitive personal data, but it does not provide a clear privacy warning, data-scope description, or user consent model in that section. For a memory/self-reflection skill, this context makes the issue more serious because the feature inherently processes intimate historical content and may normalize broad access to private conversations.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The trigger phrases are broad enough to activate in ordinary conversation, which can cause the agent to enter a high-privilege memory-processing workflow without clear user intent. In this skill, activation leads to reading session logs and writing persistent memory files, so accidental invocation has meaningful privacy and integrity consequences.

Ssd 3

Medium
Confidence
90% confidence
Finding
The skill is designed to retain user-provided information across sessions in durable memory files, creating long-lived storage of potentially sensitive personal data. Because the workflow is automated and positioned as ongoing self-awareness, it increases the chance of collecting and persisting more personal context than the user expects.

Ssd 3

Medium
Confidence
95% confidence
Finding
These instructions direct the agent to mine conversation histories for preferences, decisions, lessons, and emotions, which amounts to semantic profiling of the user and prior interactions. The danger is amplified because the search is autonomous, can span sessions, and feeds durable memory artifacts, increasing privacy risk and potential misuse of inferred sensitive traits.

Ssd 3

Medium
Confidence
91% confidence
Finding
Automatically persisting preferences and anything phrased as 'remember this' into durable stores can capture sensitive, contextual, or regretted disclosures without sufficient review. Because these rules normalize long-term retention from conversational utterances, they create a real risk of over-collection and privacy harm.

Ssd 3

Medium
Confidence
94% confidence
Finding
The self-reflection prompts instruct the agent to infer how the human feels and how the relationship is evolving, then record those judgments. This creates sensitive interpersonal profiling based on inference rather than explicit user disclosure, which is especially risky when stored across sessions and surfaced later as if factual.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal