OpenMem - Longterm Compressed Memory

Security checks across malware telemetry and agentic risk

Overview

OpenMem is a coherent long-term memory skill, but it needs Review because setup installs recurring automation that can read private transcripts and irreversibly overwrite session logs by default.

Install only if you want a persistent memory system that reads past OpenClaw sessions and stores selected memories locally. Before enabling setup defaults, consider disabling the cron job or running compression with --no-wipe, keep backups of session logs, avoid storing secrets or personal data, and review or delete the plaintext database/cache when needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

Severity: Medium
Confidence: 90%
Finding:
The script does more than compress memory into SQLite: it irreversibly overwrites original JSONL session logs with a stub after extraction. In a long-term memory tool, that destructive behavior materially changes the risk profile because failed extraction, missed context, or later audit needs can lead to permanent loss of original conversation data.

Intent-Code Divergence

Severity: High
Confidence: 98%
Finding:
The code wipes large session files even when zero memories were extracted, based on a false assumption that this means no valuable data exists. That can permanently destroy complete conversation histories when extraction fails, the model is unavailable, heuristics miss content, or parsing errors occur.

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding:
The setup script performs platform-side configuration in addition to local database initialization: it registers an MCP server and installs an hourly cron job. That expands the trust boundary and persistence of the skill beyond what a user may expect from a simple setup step, making accidental overreach or abuse more dangerous in an agent environment.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
The on-demand phrases "compress my sessions" and especially "save this to long-term memory" are broad enough to be triggered during ordinary conversation rather than an intentional administrative action. In this skill's context, activation causes reading sensitive transcript history and potentially persisting extracted memories, so accidental invocation can create privacy-impacting side effects.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The hook reads persisted memory data from a local JSON cache and injects it into the agent bootstrap context without any consent check, session scoping, or disclosure at injection time. In a memory skill, this behavior is expected functionality, but it still creates a real confidentiality risk because sensitive prior-session content can be surfaced automatically into a new session and influence the agent or be exposed to the user unintentionally.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The schema explicitly documents persistent storage of user preferences and session-derived memories in a local SQLite database, but provides no notice about retention, consent, sensitivity handling, or deletion expectations. In a long-term memory skill, this omission increases the risk that operators or users will unknowingly persist personal or sensitive conversational data beyond the active session.

Ssd 3

Severity: Medium
Confidence: 94%
Finding:
This hook is designed to inject prior-session memories into every bootstrap, which directly increases the chance of cross-session disclosure of sensitive plain-language information. The skill context makes this more dangerous rather than less, because a long-term memory system handling free-form user content is especially likely to retain credentials, personal data, or confidential workflow details unless strict controls exist.

Ssd 3

Severity: Medium
Confidence: 82%
Finding:
The extraction prompt explicitly tells the model to retain user preferences, project details, systems, setup, and important events, which can include sensitive personal or operational information. In this skill's context, automated long-term memory compression increases privacy and data-minimization risk because it persistently stores distilled user data without visible filtering for secrets or sensitive categories.

VirusTotal

65/65 vendors flagged this skill as clean.
