ClawHub

Memory Transfer

Security checks across malware telemetry and agentic risk

Overview

This is a real memory-transfer tool, but it overstates privacy features and can overwrite persistent agent memory with broad filesystem targeting.

Install only if you intentionally want raw persistent memory copied between agents. Treat the privacy and filtering claims as unsupported, run dry-run first, inspect and redact source memory manually, use only trusted agent IDs, and make an independent backup of target memory before running a real transfer.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The tool accepts arbitrary agent IDs and maps unknown IDs to paths under /home/node/.openclaw, including direct subpaths that are not validated against an allowlist of legitimate agent workspaces. This allows a caller to read from and write to unintended directories within the base path, which breaks the stated trust boundary of 'between agents' and could expose or modify data belonging to other components stored there.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly enables copying memory between agent workspaces, including user preferences and long-term memory, but does not clearly warn that this can transfer or overwrite user-related data across agents. In a multi-agent environment, that omission increases the risk of unintended privacy leakage, context contamination, or destructive overwrites because operators may treat the transfer as routine and safe.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
When a target file already exists, the script unconditionally renames it to a .backup file and copies the incoming file into place without any confirmation, conflict policy, or integrity checks. In an agent-memory context, this can silently overwrite trusted memory state, cause operational corruption, and destroy prior backups on repeated runs because the same .backup name is reused.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal