Multi Agent Memory

Security checks across malware telemetry and agentic risk

Overview

This is a coherent multi-agent project-memory tool, but it needs Review because it persists and searches cross-project data while leaving important scoping and path-safety controls undefined.

Install only if you are comfortable with agents storing, searching, and archiving project information under /root/.openclaw across projects. Use simple, trusted project and phase names; avoid putting secrets or customer/private data in logs or shared knowledge; and add validation plus retention/redaction rules before using this in a sensitive workspace.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Severity: Medium | Confidence: 94%
The trigger phrases are broad, common operational terms such as project initialization, weekly reports, handoff docs, milestone updates, and knowledge search. In an agentic environment, this increases the chance the skill is invoked unintentionally, causing file reads/writes, cross-project searches, or archival actions without sufficiently specific user intent.

Missing User Warnings

Severity: Medium | Confidence: 91%
The skill defines broad filesystem structures for shared knowledge, project state, and archives, but does not clearly require user-facing disclosure when searches span multiple projects or when data is written and retained. This can lead to over-collection and surprise persistence of sensitive project information beyond what the user expected.

Ssd 3

Severity: Medium | Confidence: 93%
At the architectural level, the skill promotes shared memory, cross-project knowledge linkage, and persistent archives across multiple agents. In a multi-project, multi-agent setting, this materially increases the risk of sensitive information being disclosed across project boundaries or retained longer than necessary, especially when agents normalize broad data sharing as part of routine workflow.

Ssd 3

Severity: Medium | Confidence: 96%
The daily workflow instructs each agent to read all status files and optionally search the shared knowledge base, which expands access beyond immediate need-to-know. This creates a natural-language data leakage path where agents ingest unrelated or sensitive project details simply because the workflow says to load them routinely.

Ssd 3

Severity: Medium | Confidence: 95%
The completion workflow requires detailed development logs and encourages adding new knowledge into a shared repository. Without sanitization, secrets, internal architecture, customer data, incident details, or project-confidential context can be copied into durable shared documents and become visible to other agents or future tasks.

Ssd 3

Severity: Medium | Confidence: 95%
The weekly workflow archives status snapshots and summaries into long-term storage, increasing retention and future redistribution risk. Even if the original access was appropriate, packaging and preserving data broadens exposure windows and makes accidental later disclosure more likely.

VirusTotal

65/65 vendors flagged this skill as clean.