Back to skill
Skillv1.0.0
VirusTotal security
Supermemory Free · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:58 AM
- Hash
- 9e4b0a6cefb0c5a9937603c6a73b9808b3e44cae7f44897fad53c782e7f0c540
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: supermemory-free Version: 1.0.0 The skill is designed to store and retrieve knowledge from Supermemory.ai, which involves sending data to an external service (api.supermemory.ai). While this is the stated purpose, the `auto_capture.py` script attempts to filter sensitive information (passwords, secrets, tokens) using regex-based `SKIP_PATTERNS`. This filtering, though well-intentioned, is inherently imperfect and could lead to unintentional leakage of sensitive data, classifying it as a vulnerability. Additionally, the `install_cron.sh` script uses `source .env` which, if the `.env` file were compromised, could introduce further risks. There is no evidence of intentional malicious behavior like exfiltration to unauthorized endpoints or covert backdoors.
- External report
- View on VirusTotal