Hierarchical Memory

Security checks across malware telemetry and agentic risk

Overview

The skill is local-only and broadly matches its memory-management purpose, but its helper script can modify unintended files if given unsafe paths.

Use this only if you are comfortable with a local memory tool that creates and modifies persistent workspace files. Before running scripts/add_branch.py, use simple slug-like names and only pass intended memory/domain Markdown files as parents; ideally patch the script to canonicalize paths and reject traversal or non-memory targets.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The project branch flow trusts the user-supplied --parent path and appends content to any existing file under /root/.openclaw/workspace, not just intended memory domain files. This creates an arbitrary file modification primitive within the workspace, which can corrupt configuration, instructions, or other agent-controlled files and exceeds the skill’s documented purpose of organizing memory files.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal