Openclaw Never Forget

Security checks across malware telemetry and agentic risk

Overview

This memory skill matches its advertised purpose, but it silently and continuously saves user and project context into persistent local memory files without clear review or deletion controls.

Install only if you intentionally want OpenClaw to maintain long-term local memory. Keep the memory folder out of public repositories, avoid sharing secrets while the skill is active, and regularly inspect, redact, or delete the saved markdown files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 94%
Finding
The skill defines activation as 'continuous during active sessions,' which is overly broad and causes autonomous behavior without a precise user action. In a memory skill, this can lead to unbounded background processing and writes that the user did not explicitly request, increasing privacy and integrity risk.

Missing User Warnings

High
Confidence: 98%
Finding
The skill explicitly instructs silent creation and appending of memory files without user-facing disclosure. Hidden persistence is dangerous because it stores user activity and project context in the background, potentially including sensitive information, while preventing informed consent and review.

Ssd 3

Medium
Confidence: 97%
Finding
The skill establishes a continuous collection and long-term retention pipeline for user-derived data, including decisions, workflows, and contextual summaries, without clear minimization or consent boundaries. This creates a durable memory store that can accumulate sensitive personal, operational, or proprietary information over time.

Ssd 3

Medium
Confidence: 95%
Finding
The episodic template encourages storing current tasks, decisions, progress, modified files, and blockers, which are precisely the kinds of details that often contain secrets, internal architecture, and confidential work context. Persisting these details in markdown logs increases the chance of accidental retention, later exposure, or inappropriate reuse.

VirusTotal

66/66 vendors flagged this skill as clean.
