ClawHub

Session Memory (Workspace)

Security checks across malware telemetry and agentic risk

Overview

This skill openly searches local OpenClaw chat logs and can save date-scoped conversation excerpts into workspace memory files for later recall.

Install this only if you want OpenClaw to search and remember prior local conversations. Run it for specific dates or queries, avoid using it on sessions containing secrets or confidential data, and review or delete generated memory files when they should not be retained or included in future memory search.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly promotes persisting and searching prior conversation history, but it provides no warning about handling sensitive data, consent, retention, or access controls. In an agent skill whose purpose is memory and recall, this omission materially increases the risk that private or regulated information from chats will be stored and later surfaced unexpectedly.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explicitly instructs the agent to write summaries into workspace memory files, which is a persistent modification of user data, but it does not require an explicit confirmation or warning before doing so. Because the source material is prior conversation logs, this can persist sensitive or unintended content into a searchable memory store and expand later disclosure through citations/RAG.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
This script reads historical session JSONL files from a default per-user memory directory and emits matching conversation snippets directly to stdout, which can expose sensitive prior user or assistant content to any caller with access to run the skill. Even though this appears to be the intended feature of a memory-search tool, the lack of any consent check, warning, redaction, or scope restriction means sensitive conversation data can be retrieved and surfaced with a simple keyword search.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script copies prior session content from a default directory in the user's home folder into a workspace markdown file, effectively persisting and potentially broadening access to conversation data. Because the copied content may contain secrets, personal data, or sensitive project information, doing this without explicit consent, disclosure, filtering, or access controls creates a real privacy and data-exposure risk.

Session Persistence

Medium
Category
Rogue Agent
Content
# session-memory

OpenClaw skill: write session summaries into daily memory files and search session history so the agent can recall and cite past conversations.

## Features
Confidence
91% confidence
Finding
write session summaries into daily memory files and search session history so the agent can recall and cite past conversations. ## Features - **Session → memory**: Run `session-to-memory.js` for a d

Session Persistence

Medium
Category
Rogue Agent
Content
---
name: session-memory
version: 1.0.0
description: Write session summaries to daily memory files and search session history so OpenClaw can recall and cite past conversations.
metadata: { "openclaw": { "emoji": "📅", "requires": { "bins": ["node"] } } }
---
Confidence
86% confidence
Finding
Write session summaries to daily memory files and search session history so OpenClaw can recall and cite past conversations. metadata: { "openclaw": { "emoji": "📅", "requires": { "bins": ["node"] } }

VirusTotal

46/46 vendors flagged this skill as clean.

View on VirusTotal