Security audit

Memory Transfer Enhanced

Security checks across malware telemetry and agentic risk

Overview

This skill is intended to move agent memories, but its safety controls and privacy handling are weaker than its documentation claims.

Install only if you deliberately want a local tool that can move persistent agent memory between OpenClaw workspaces. Use dry-run first, prefer narrow topic or file transfers, avoid clone mode for private data, and manually verify source and target agent IDs because the advertised confirmation safeguards are not reliably enforced.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium
Confidence: 93%
Finding
The documentation gives conflicting descriptions of share-mode identity transformation, alternating between converting memories into third-person references to the source agent and converting them into second-person references to the target agent. In a memory-transfer skill, this ambiguity can cause agents to misattribute identity, preferences, or prior actions, which can propagate incorrect authority, context, or sensitive information into another agent's memory.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The skill claims dry-run/default confirmation safety behavior, but the documented commands show direct execution modes that may transfer memory immediately. This mismatch can lead operators to believe transfers are non-destructive or preview-only when they may actually move or copy sensitive memory, increasing the risk of unintended disclosure or privacy violations.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill explicitly documents a clone mode that preserves all content verbatim, including user information, but does not provide a strong privacy warning, consent requirement, or data-classification guidance. Because this skill is designed to move memory between agents, it can facilitate replication of personal data across trust boundaries, expanding exposure and retention of sensitive information.

Missing User Warnings

Medium
Confidence: 93%
Finding
Clone mode copies memory files verbatim, including user-provided and potentially sensitive content, and the execution flow does not present a strong privacy warning or require explicit elevated confirmation before transfer. In this skill's context, agent memory is exactly where personal data, preferences, and conversation-derived secrets are likely to reside, so unrestricted cross-agent copying materially increases privacy and data leakage risk.

Natural-Language Policy Violations

Medium
Confidence: 80%
Finding
The privacy filter relies on a narrow set of hard-coded Chinese patterns and a few generic English ones, which creates a false sense of sanitization while missing sensitive data in other languages and formats. In a memory-transfer tool, incomplete filtering is dangerous because operators may believe 'share' mode is safe even when user identifiers, contact details, or private facts remain intact.

Ssd 3

Medium
Confidence: 96%
Finding
Verbatim cloning enables wholesale transfer of entire agent memory with no meaningful privacy guardrails, preserving any user content, credentials, personal details, or confidential instructions stored there. Because this skill is explicitly designed for cross-agent memory movement, the context makes the issue more dangerous: it operationalizes lateral data propagation between agents and normalizes broad access to stored user data.

VirusTotal

65/65 vendors flagged this skill as clean.