Context Engine

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local project-memory skill. Its main risk is that it intentionally saves project context across sessions.

Install only if you want project context remembered between sessions. Avoid saving secrets, credentials, or sensitive commands in project notes or context fields, and periodically review or remove the JSON files under /home/deus/.openclaw/workspace/memory/projects/ if you no longer want that history retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Medium
Confidence: 89%
Finding
The skill documents local storage under a project directory but also states it updates a separate long-term memory system, creating ambiguity about where user data is persisted. That mismatch can cause users to underestimate data retention scope and may lead to sensitive context being stored more broadly than expected.

Vague Triggers

Medium
Confidence: 88%
Finding
The changelog states that the skill is triggered on "session_start, explicit mentions, heartbeat," which is broad enough to enable automatic execution without a narrowly defined user action. In a skill that can restore context, switch projects, and interact with persistent memory, ambiguous triggers increase the chance of unintended activation, surprise data access, or background state changes without clear user consent.

Missing User Warnings

Medium
Confidence: 93%
Finding
The changelog describes persistent storage of project memory under /home/deus/.openclaw/workspace/memory/projects/ and lists actions that save and restore context, but provides no warning about retention, sensitivity, or user control over stored data. This is risky because users may not realize commands, notes, pending tasks, and file-related context are being retained across sessions, which can expose sensitive project information or create privacy and compliance issues.

Vague Triggers

Medium
Confidence: 92%
Finding
Using a generic trigger term like "project" makes the skill likely to activate during ordinary conversation, even when the user did not intend to invoke persistence or project-management behavior. In a memory-oriented skill, accidental invocation is more dangerous because it can save, switch, or expose contextual data without clear consent.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill says it automatically restores context, saves periodically via heartbeat, and saves on session end, but does not provide a clear warning about ongoing automatic persistence. Users may share sensitive information assuming it is ephemeral, when in fact it is retained across sessions and on a schedule.

Missing User Warnings

Medium
Confidence: 87%
Finding
The code creates and writes persistent project metadata to a fixed location under /home/deus/.openclaw/workspace/memory/projects without any notice, consent, or visibility to the user. Because the stored data includes project names, descriptions, notes, last files, commands, and pending tasks, this can silently retain sensitive workflow information across sessions and expose it to local users, backups, or other tooling.

Missing User Warnings

Medium
Confidence: 89%
Finding
The session file is initialized and updated on disk automatically, recording session timing and context stack data without any user-facing warning. In this skill context, the engine is specifically designed to preserve conversational and project state, so undisclosed persistence increases privacy risk because users may not realize their activity history is being retained between sessions.

VirusTotal

63/63 vendors flagged this skill as clean.
