OpenClaw Cortex Memory

Security checks across malware telemetry and agentic risk

Overview

This is a coherent long-term memory skill, but it gives agents broad authority to install a memory plugin and persist or import user history without clear consent boundaries.

Review before installing. Confirm you trust the external memory plugin and npm fallback, approve any plugin/config changes, decide whether historical conversations may be imported, and use scoped API keys with trusted endpoints. Treat stored memories as persistent records and verify how to review or delete them before enabling auto-sync or reflection.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly directs the agent to persist 'durable new information' with `store_event` but does not require user consent, visibility, or any warning about retention. In a long-term memory plugin, this can cause silent collection and cross-session reuse of sensitive personal, organizational, or security-relevant data that users may not expect to be stored.

Missing User Warnings

Medium
Confidence: 85%
Finding
The reference documents a destructive `delete_memory` capability with only a raw `memory_id` parameter and no warning about confirmation, authorization, scoping, or reversibility. In an agent skill context, this can normalize unsafe use by downstream agents or developers, increasing the chance of accidental or unauthorized deletion of durable memory records.

VirusTotal

66/66 vendors flagged this skill as clean.