ClawHub

Dual memory

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises: it combines local memory with SuperMemory cloud memory, but users should treat the cloud capture settings as privacy-sensitive.

Install this only if you want OpenClaw memory connected to SuperMemory. Avoid autoCapture or captureMode "everything" in workspaces containing secrets, customer data, proprietary code, or regulated information unless you are comfortable storing that material with the cloud provider. Also review the sibling openclaw-supermemory extension because this plugin delegates cloud behavior to it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documentation claims writes go to both local and cloud memory, but the analyzed behavior indicates the cloud backend is not actually written through and other non-memory capability fields may be passed through undocumented. This creates a trust and security-boundary problem: users may assume data is synchronized or confined to memory-only behavior when the implementation does something materially different.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README explicitly promotes automatic recall and automatic capture to a cloud memory provider, but it does not clearly warn users that conversation content may be transmitted off-device and retained by a third party. In a memory plugin that merges local and cloud backends and enables capture by default, this creates a real privacy and data-governance risk because operators may unknowingly sync sensitive prompts, secrets, or personal data to external infrastructure.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The search method forwards the raw user query to a remote cloud provider whenever cloudSearch is configured, with no indication in this code of consent, redaction, policy checks, or disclosure. In a memory plugin, queries may contain sensitive workspace details, secrets, customer data, or internal prompts, so silent transmission to an external service creates a real confidentiality and compliance risk.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The plugin resolves an API key from configuration or environment and initializes a cloud memory client automatically, but the code shows no explicit user-facing consent, disclosure, or policy gate before local memory content may be searched or synchronized to an external service. In a memory plugin, this is risky because stored memories can contain sensitive prompts, secrets, or personal data, and the composite design makes cloud transmission part of normal operation rather than an exceptional action.

Ssd 3

Medium
Confidence
92% confidence
Finding
The configuration encourages auto-capturing conversation content into a cloud memory provider in plain language, which risks transmitting sensitive prompts, credentials, personal data, and proprietary information off-host without meaningful minimization. In a memory plugin context this is more dangerous because users are likely to discuss broad, high-sensitivity context over long periods, increasing the volume and sensitivity of retained data.

Ssd 3

High
Confidence
97% confidence
Finding
Setting the default capture mode to "everything" implies indiscriminate collection and retention of all user-provided content, violating least-privilege and data-minimization principles. For a cross-session memory system, this can accumulate secrets and sensitive personal or corporate information in a third-party cloud service, expanding breach and compliance risk.

Ssd 3

Medium
Confidence
94% confidence
Finding
Promoting automatic cloud capture across sessions and devices increases the chance that sensitive context is persistently synchronized beyond the local environment and exposed to additional systems, accounts, or compromise paths. The skill context makes this more dangerous because memory aggregation across devices inherently broadens data scope and lifetime, even if done for convenience rather than malice.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal