Back to skill
Skillv2.1.1
VirusTotal security
Memory Transfer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:58 AM
- Hash
- f6d84b13cb7120b20dcca59078cac06a11ba8a08578bef6c029940a60b5f3d99
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: memory-transfer Version: 2.1.1 The skill contains a path traversal vulnerability in `memory-transfer.js` within the `getWorkspacePath` function, which allows an agent to potentially read or write files outside of the intended workspace directories by using parent directory references (e.g., `../`) in the `agentId` parameter. Additionally, there is a significant discrepancy between the documentation in `SKILL.md`, which claims to implement 'privacy protection' and 'filtering', and the actual implementation in `memory-transfer.js`, which performs simple, unfiltered file copies.
- External report
- View on VirusTotal