Security audit

SeekDB Memory Setup

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent cloud-memory installer, but it enables ongoing automatic remote capture and recall of conversation-derived data with limited privacy controls.

Install only if you intentionally want OpenClaw to send summarized conversation content to a cloud memory service and recall it in future sessions. Verify the m0 package and service endpoint, protect the access key, back up your OpenClaw config, and confirm how to disable capture and delete stored memories before enabling it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (6)

Vague Triggers

Medium

Confidence: 83% confidence
Finding: The trigger conditions include broad natural-language phrases such as “配置云端记忆”, “安装记忆插件”, and “setup memory”, which can overlap with ordinary conversation and cause the skill to run unexpectedly. In this skill, accidental activation is more dangerous because execution leads to configuration changes, package installation, remote service setup, and enabling persistent cloud memory.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill states that conversation memories will be automatically injected before chats and extracted and written afterward, but it does not present a clear privacy warning or informed-consent step. Because this is persistent cloud storage of conversation-derived data, the missing disclosure materially increases the risk of collecting and retaining sensitive user information without meaningful consent.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill performs network requests to create and validate remote instances, but it does not clearly disclose that user data and identifiers will be transmitted to an external service. In context, these requests are part of onboarding a cloud memory system, so the omission makes the data flow less transparent and increases privacy and trust risks.

Missing User Warnings

Low

Confidence: 79% confidence
Finding: The skill instructs the user to disclose their public IP address to an external administrator without any privacy notice, minimization guidance, or confirmation step. A public IP is not a secret credential, but it is still sensitive operational metadata that can reveal approximate location, organization, or home network details and may be mishandled or retained unnecessarily.

Ssd 3

Medium

Confidence: 96% confidence
Finding: The skill enables automatic capture and persistence of conversation-derived memories to a cloud service without meaningful minimization, filtering, or consent controls. This is dangerous because conversations can contain credentials, personal data, proprietary information, or other sensitive material that would then be retained and recalled automatically.

Ssd 3

Medium

Confidence: 97% confidence
Finding: The configuration explicitly sets autoCapture and autoRecall to true, causing the agent to send and retrieve conversation content through the remote m0 plugin automatically. In this context, the risk is elevated because the skill also configures a memory slot globally, making unintended retention and later disclosure more likely across future interactions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal