Neverforget

Security checks across malware telemetry and agentic risk

Overview

The skill is purpose-aligned local memory tooling, but it broadly indexes the user’s home environment into persistent agent memory and changes OpenClaw defaults.

Install only if you intentionally want OpenClaw to build persistent local memory from broad home/workspace content. Before running setup, narrow the indexed paths to specific project folders, review exclusions, avoid symlinking sensitive directories, and know how to delete the vector database and revert OpenClaw memory configuration.

SkillSpector

By NVIDIA
Vulnerability Patterns

  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding
The skill claims there are no external API dependencies and presents the memory flow as sovereign/local, but it explicitly configures a model path that downloads from Hugging Face during setup. This is a material disclosure mismatch because users may rely on the claim when assessing network exposure, supply-chain risk, and offline/privacy requirements.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding
The skill description says it manages local vector embeddings and memory configuration, but the documented script also appends content into ~/.openclaw/workspace/HEARTBEAT.md. That side effect changes workspace state outside the narrowly described memory setup and can introduce persistent behavior without clear, upfront consent.

Intent-Code Divergence

Severity: Low
Confidence: 84%
Finding
The privacy statement says embeddings and vector searches are performed locally, but the same section notes that the model is downloaded from Hugging Face. While inference may still be local, the phrasing can mislead users into believing there is no external network interaction at all, weakening informed consent around privacy and supply-chain exposure.

Intent-Code Divergence

Severity: Medium
Confidence: 91%
Finding
The document makes a strong local-only/zero-external-leakage claim, but later instructs users to contact a registry and download packages and models over the network. That mismatch can mislead users into trusting the skill under a false security assumption, increasing the chance they authorize remote installs or downloads without proper review.

Context-Inappropriate Capability

Severity: Medium
Confidence: 87%
Finding
Instructing users to run a global package installation extends the skill's influence beyond its stated memory-management scope and modifies the host environment permanently. This increases attack surface and can normalize privileged or system-wide changes that are unnecessary for a documentation template.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The skill encourages indexing ~/ and shows broad filesystem permissions while only briefly mentioning exclusions. Indexing the home directory can ingest highly sensitive personal or operational data, and the same skill also modifies HEARTBEAT.md, yet the documentation does not provide a prominent, explicit warning about the user-data and persistence impact.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The markdown describes an install script that changes configuration, installs software, appends monitoring components, restarts services, and triggers indexing, yet presents these steps as routine without a prominent security warning. Users may approve execution without understanding the breadth of system modifications, creating a path for unexpected persistence or harmful environment changes.

VirusTotal

63/63 vendors flagged this skill as clean.