ClawHub

Context Engine

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local project-memory skill that persists context across sessions, so users should avoid saving secrets in it.

Install only if you are comfortable with local project context being remembered across sessions. Do not save secrets, credentials, private customer data, or sensitive command history in project notes/context, and periodically review or delete the files under `/home/deus/.openclaw/workspace/memory/projects/` if the saved context is no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The changelog states the skill can trigger on "session_start, explicit mentions, heartbeat" without defining narrow activation conditions or user-consent boundaries. In a memory-management skill that can restore context and switch projects, broad or automatic triggers can cause unintended invocation, leading to unexpected loading, exposure, or modification of persisted project state.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The changelog describes saving topic, file, command, pending tasks, and notes to persistent storage under /home/deus/.openclaw/workspace/memory/projects/ but gives no warning that potentially sensitive session context is retained. Because the skill also restores context automatically, users may unknowingly persist secrets, file paths, commands, or operational notes that could later be exposed to other sessions, users, or components with filesystem access.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger list includes the generic term "project," which is likely to appear in normal conversation and can cause accidental invocation of the skill. Because this skill persists and restores context, unintended activation can lead to unwanted state changes or storage of conversation details without clear user intent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill advertises automatic restore and periodic saves but does not clearly disclose that conversation content, commands, tasks, and notes may be persisted to disk over time. Users may unknowingly expose sensitive data through routine use, especially in environments where session content can contain secrets, internal paths, or proprietary project details.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script persistently stores project and session context to fixed files under the user's home directory without any consent flow, disclosure, retention control, or access restriction handling. Because the stored fields include notes, last commands, file names, and pending tasks, this can silently retain sensitive operational context across sessions and expose it to other local processes or users if filesystem permissions are weak or the host is shared.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal