Security audit

Better Memory

Security checks across malware telemetry and agentic risk

Overview

This is a local workspace memory-management skill whose persistent file changes are disclosed and aligned with its purpose.

Install this only in workspaces where you want durable agent memory. Review the managed AGENTS.md and MEMORY.md blocks, the .openclaw-memory-os sidecar files, generated migration and cleanup plans, and the cron template before enabling scheduled maintenance or cleanup actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding: The skill directs execution of multiple Python scripts that read and write workspace files, but it does not declare any permissions for those capabilities. This creates a transparency and consent problem: an agent or user may invoke the skill without realizing it can modify AGENTS.md, MEMORY.md, daily logs, sidecar state, cron templates, and cleanup artifacts across the workspace.

Vague Triggers

Medium
Confidence: 81%
Finding: The default prompt uses a broad trigger phrase, "Use $better-memory," combined with sweeping actions like install and ongoing maintenance. This can cause the skill to activate on loosely related requests and perform memory-affecting operations without sufficiently explicit user intent, which is risky because the skill manages persistent memory and maintenance workflows.

VirusTotal

65/65 vendors flagged this skill as clean.
