ClawHub

Hippocampus

Security checks across malware telemetry and agentic risk

Overview

This skill reads and updates local OpenClaw context files for agent memory sync, with sensitive but disclosed local persistence behavior.

Install only if you want an agent to maintain HIPPOCAMPUS.md from the listed local OpenClaw sources. Review the registry paths before use, run it only in intended workspaces, and periodically check HIPPOCAMPUS.md, dated memory entries, and .learnings archives for sensitive, stale, or inaccurate content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill performs file-reading operations across the workspace and external paths, but the manifest does not declare those capabilities. Undeclared capabilities reduce transparency and can bypass normal review expectations, especially in a universal skill that may run broadly across agents.

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
The skill claims to update only HIPPOCAMPUS.md, but it also runs maintenance logic that can rewrite learning-related files, archive data, and apply aging rules unrelated to the advertised 14-day sync. This mismatch is dangerous because operators may authorize the skill expecting a narrow documentation update while it actually modifies additional persistent state.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The learnings decay step expands the skill from a context-sync task into a data-maintenance and archival task affecting other files and directories. Hidden secondary effects on LEARNINGS/ERRORS/FEATURE_REQUESTS-style artifacts increase the risk of unintended data loss, workflow corruption, or retention-policy changes without informed consent.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
Invoking an external Python script introduces opaque behavior that is not auditable from this skill file alone and is broader than the stated purpose. External scripts can perform arbitrary filesystem changes, so this increases trust requirements and complicates review of what the skill actually does.

Vague Triggers

Medium
Confidence
89% confidence
Finding
Describing the skill as 'universal' with broad daily sync behavior increases the chance it will be triggered in contexts where users did not intend persistent file reads/writes. Over-broad activation criteria are risky because this skill performs stateful operations, not just passive summarization.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs writes to HIPPOCAMPUS.md, memory files, and archival outputs without any up-front warning that workspace data will be modified. Silent state changes are hazardous in agent tooling because users may expect analysis-only behavior and lose track of what was persisted or moved.

Session Persistence

Medium
Category
Rogue Agent
Content
Sachee reads these files to make decisions. A bad hippocampus wastes his time; a good one surfaces what needs attention and why.

Daily incremental update of HIPPOCAMPUS.md for all 13 agents. Detects agent ID from `IDENTITY.md` `**ID:**` field, looks up domain config below, runs universal process with domain-specific sources and framing. If no ID match, write minimal HIPPOCAMPUS from own memory only.

---
Confidence
90% confidence
Finding
write minimal HIPPOCAMPUS from own memory only. --- ## 1. Activity Feed All agents except Bobina query events.db first (most authoritative source): ```bash sqlite3 ~/.openclaw

Session Persistence

Medium
Category
Rogue Agent
Content
### Step 10: Write, verify, deliver
1. Read `references/examples.md` for before/after examples of good hippocampus entries.
2. Write HIPPOCAMPUS.md. Timestamp: `> Last updated: YYYY-MM-DD HH:MM AEST`
3. Verify size vs target. Over? Compress.
4. Verify accuracy: verify every date against source files — a wrong date is worse than no date. Threads real, commitments sourced, domain data matches files.
5. **Domain enforcement check:** Review every item in Top of Mind, Open Threads, Recent Sessions, and Commitments against your registry's Track/Exclude lists. Delete any item that falls under Exclude — even if it appeared in a source file tagged with your agent name. Common violations: content agents absorbing deal events, pipeline agents absorbing infrastructure changes, JDN agents absorbing advisory data. If in doubt, ask: "Is this my domain, or am I echoing another agent's work?"
Confidence
91% confidence
Finding
Write HIPPOCAMPUS.md. Timestamp: `> Last updated: YYYY-MM-DD HH:MM AEST` 3. Verify size vs target. Over? Compress. 4. Verify accuracy: verify every date against source files — a wrong date is worse th

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal