Security audit

auto_dream

Security checks across malware telemetry and agentic risk

Overview

This skill is a local memory tool that matches its stated purpose, but users should be deliberate because it can read recent OpenClaw conversations and change long-term memory files.

Install only if you want OpenClaw to maintain durable local memory. Avoid running Dream mode after sessions containing secrets, credentials, regulated personal data, or confidential project details, and review the .auto-dream memories and MEMORY.md files before relying on or pruning them.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (8)

Vague Triggers

Medium
Confidence
93% confidence
Finding
Using the bare trigger phrase "dream" is overly broad and can be invoked during ordinary conversation, causing the agent to start a memory-consolidation workflow unexpectedly. In this skill, that workflow reads logs, stored memories, and recent conversation history, so accidental activation can lead to unintended processing and persistence of user data.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The guidance encourages memory capture from natural-language requests like "记住 XXX" without clearly distinguishing casual mention from explicit consent to store information permanently. This creates a risk that the agent will persist user statements, preferences, or sensitive details when the user did not intend long-term retention.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill says the AI will read daily logs, existing memory files, and recent session records, but it does not clearly warn users that consolidation may also update or delete stored memories. That lack of transparency undermines informed consent and can surprise users with data retention or modification they did not anticipate.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script collects recent conversation content from session files and writes a synthesized prompt containing that content to `.dream_prompt.md` without explicit consent, redaction, or a clear warning that sensitive user disclosures may be persisted to disk. In this context, the tool is specifically designed to mine and consolidate memory, so silent handling of potentially sensitive transcripts increases privacy and data-retention risk.

Ssd 3

Medium
Confidence
96% confidence
Finding
The skill explicitly instructs the AI to read recent conversation records and consolidate them into long-term memory files. Without content filtering, minimization, or sensitivity checks, this creates a natural-language data retention risk where private user statements, local service references, or confidential project details may be persisted and later exposed.

Ssd 3

Medium
Confidence
94% confidence
Finding
The examples encourage persistent logging of user goals, preferences, and workflow details with no guardrails against capturing sensitive content. In practice, users may phrase requests naturally and include personal, financial, health, or system-specific information that then gets appended to durable logs and memory files.

Ssd 3

Medium
Confidence
84% confidence
Finding
The consolidation prompt explicitly directs an AI agent to inspect recent logs and session transcripts and convert user-provided information into durable memory files. In a memory-management skill this behavior is intentional, but without data minimization, consent boundaries, or secret filtering it can retain sensitive disclosures long-term and broaden exposure if those files are later read by other agents or users.

Ssd 3

Medium
Confidence
91% confidence
Finding
The session harvesting code iterates through recent session files, extracts non-system message text, and packages it for AI analysis. That creates a real privacy/security issue because free-form user and assistant messages can contain secrets, personal data, or confidential business content that are then copied into another artifact and potentially persisted into memory files.

VirusTotal

66/66 vendors flagged this skill as clean.