AOI Triple Memory (Lite)
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: aoi-triple-memory-lite
Version: 0.1.2
The `skill.js` file contains a command option injection vulnerability in its `search` function. The user-provided query (`--q`) is passed directly to the `rg` (ripgrep) command via `node:child_process.spawnSync` without adequate sanitization. While `spawnSync` with an array of arguments generally prevents shell injection, a malicious query could still inject `rg`-specific options (e.g., `--files`, `--max-depth`, or potentially `--exec`) to alter the command's behavior or, in a worst-case scenario, lead to arbitrary command execution. There is no evidence of intentional malicious behavior such as data exfiltration or backdoors, but this vulnerability poses a significant risk.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Search results may expose matching lines from local workspace files to the agent or terminal.
The skill runs the local ripgrep tool with a user-supplied query over the workspace. This matches the stated search purpose, but it is still local tool execution that can return workspace file contents.
const res = spawnSync('rg', ['-n', q, root], { encoding: 'utf8' });
Use the skill only in workspaces you intend to search, and consider adding a `--` separator before the query to avoid ripgrep option ambiguity.
The command may fail or use whatever `rg` binary is already installed on the local system.
The registry requirements declare no binaries, while `skill.js` depends on the external `rg` command. This is not hidden malicious behavior, but the runtime dependency is under-declared.
Required binaries (all must exist): none; Required binaries (at least one): none
Declare ripgrep as a required binary and ensure users install it from a trusted source.
Information written into notes may remain in the project and be reused or searched later.
The skill creates persistent decision-note files inside the workspace. This is expected for a memory/note skill, but stored notes can later influence work or contain sensitive information.
const dir = path.join(root, 'context'); ... fs.writeFileSync(file, body, 'utf8');
Review generated notes before relying on them, avoid storing secrets or private data, and keep the workspace scope limited.
