mem9.ai

Security checks across malware telemetry and agentic risk

Overview

This is a coherent setup guide for a cloud memory plugin, with real privacy and credential risks that are mostly disclosed and scoped to its purpose.

Install only if you want mem9 to handle cloud-backed OpenClaw memory. Treat MEM9_API_KEY as a secret, avoid pasting it unless you trust the chat environment, review the dry-run config changes carefully, and remember that local uninstall does not delete remote mem9 data or revoke the key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The setup explicitly instructs users to paste an existing mem9 API key into chat, but does not clearly warn that this is a sensitive secret or offer a safer entry path. Secrets pasted into chat may be retained in logs, transcripts, analytics, or memory systems, exposing the user's mem9 account if the conversation or backend is later accessed.

Session Persistence

Medium
Category
Rogue Agent
Content
- Older versions: omit `hooks.allowConversationAccess` and tell the user to upgrade OpenClaw for full automatic conversation upload.
- If the version is unavailable or unclear, ask the user before editing config.

### 4. Write Config And Read It Back

Preserve unrelated config. Apply mem9 config in one contiguous update after install succeeds.
Confidence
81% confidence
Finding
Write Config And Read It Back Preserve unrelated config. Apply mem9 config in one contiguous update after install succeeds. Common shape: ```json { "plugins": { "slots": { "memory": "mem9" },

Session Persistence

Medium
Category
Rogue Agent
Content
- Treat this as reconnect failure, not success
- Do not hand off the auto-provisioned key to the user
- Re-check the write order: the user-provided key must be saved before the first restart
- Re-check the exact config path: `plugins.entries.mem9.config.apiKey`
- Re-check the read-back value from `openclaw.json` before the first restart
- Rewrite the original user-provided key to the correct field
Confidence
83% confidence
Finding
write order: the user-provided key must be saved before the first restart - Re-check the exact config path: `plugins.entries.mem9.config.apiKey` - Re-check the read-back value from `openclaw.json` bef

VirusTotal

64/64 vendors flagged this skill as clean.
