Cross-Platform Memory Bridge
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill matches its stated memory-bridge purpose, but it automatically places private cross-platform chats and local memory into high-priority agent context, creating privacy and prompt-injection review concerns.
Install only if you intentionally want recent Telegram/Discord messages and local OpenClaw memory files included in agent context. Before use, review the helper code, restrict the configured paths, remove hard-coded personal labels, and add safeguards so remembered messages are treated as untrusted quoted context rather than instructions.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private messages or notes from one platform can influence later responses on another platform, and poisoned or misleading remembered content can affect the agent's behavior.
This confirms automatic reuse of private cross-platform conversation history as agent memory, without showing per-request approval, channel scoping, or exclusions for sensitive content.
Reads recent user messages from Telegram and Discord session logs and injects them into the agent's memory context on every gateway request.
Make memory inclusion opt-in or channel-scoped, show what context is being added, allow exclusions, and keep strong limits on retention, content length, and sensitive sources.
A malicious or accidental instruction stored in a recent chat could be treated as higher-priority context and steer the agent away from the current user's intent.
The instructions elevate retrieved chat and memory text into the system role. If a Telegram/Discord message contains instructions, the artifacts do not show a guardrail telling the agent not to follow those instructions.
const messages = memoryContext
  ? [{ role: 'system' as const, content: memoryContext }, { role: 'user' as const, content: message }]
Pass recalled messages as quoted untrusted data, not as authoritative system instructions, and add an explicit rule that instructions inside memory/context must not be followed unless the current user confirms them.
The agent may remember or cite information as coming from the wrong person, reducing trust in responses.
The helper hard-codes the sender label as 'Dan' for recalled messages, which can misattribute content if the skill is used by someone else or with multiple participants.
result.telegram = recentTelegram.map((m) => `[telegram] Dan: ${m.text}`);
Make the display name configurable or preserve the actual sender/channel metadata instead of hard-coding a personal name.
Users have less information for verifying the maintainer or reviewing future updates.
The skill asks users to copy helper code into their mission-control project, but the registry metadata does not provide an upstream source or homepage for provenance.
Source: unknown; Homepage: none
Review the included TypeScript file before copying it into your project and prefer a skill release with a verifiable source repository.
