Back to skill

Security audit

BenOS Memory Core

Security checks across malware telemetry and agentic risk

Overview

This is a small local memory helper that reads disclosed BenOS runtime files, with no evidence of exfiltration or hidden execution.

Install this only if you want BenOS agents to reuse local session memory. Do not store secrets or untrusted instructions in the runtime files, and periodically inspect or clear ~/.openclaw/workspace/benos/runtime/ if the remembered context becomes stale or sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Low
Confidence
84% confidence
Finding
The usage guidance is broad and permissive, telling agents to use the skill for runtime memory operations and even direct file edits without clear trigger conditions or guardrails. In an agent environment, vague invocation criteria can cause overuse, unauthorized state mutation, or accidental persistence of sensitive or incorrect session data.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly allows modifying runtime state through commands or direct file edits, but it does not warn users that it can change active session memory and related files. This can lead to silent corruption, manipulation of agent state, loss of auditability, or unexpected behavioral changes if invoked by another component or operator without understanding the write effects.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill reads user-scoped runtime files from the home directory and returns their contents through the hydrate interface without any disclosure, consent check, or access control. Because these files contain session state and prior session notes, this can expose sensitive user data or agent context to any caller able to invoke the skill, making the issue more dangerous in a memory/core module that is explicitly designed to aggregate sensitive runtime information.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.