Security audit

OpenClaw Memory Resilience

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a memory-setup guide, but it encourages automatic hidden persistence and placing credentials in files that agents reload into future sessions.

Review before installing or applying the configuration. Do not store API keys, passwords, tokens, cookies, or other secrets in MEMORY.md, TOOLS.md, or daily memory logs; use a secret manager or scoped environment configuration instead. Only enable automatic memory flush if users understand what may be saved, where it is stored, how to delete it, and which agents the global setting affects.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 92%
Finding
The document explicitly states that OpenClaw injects a silent turn and saves important context to disk without the user seeing the turn. Hidden persistence of conversation-derived data creates a privacy and consent risk because users may not realize sensitive instructions, secrets, or personal data are being written to storage during compaction handling. In this skill's context, the behavior is central to the feature, which makes the issue more dangerous unless disclosure, consent, and data-handling limits are clearly documented.

Missing User Warnings

Medium
Confidence: 94%
Finding
The document explicitly recommends storing "Credentials" in MEMORY.md, a durable bootstrap file that is reloaded into every session. Persisting secrets in broadly injected context increases the chance of accidental disclosure through prompts, logs, model output, indexing, or retrieval, and the file provides no warning, scoping guidance, encryption requirement, or safer alternative for secret handling.

VirusTotal

65/65 vendors flagged this skill as clean.