Back to skill
Skillv1.0.4
VirusTotal security
Neverforget · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 27, 2026, 3:56 AM
- Hash
- bb9c51bfe36e18869fc844e8c4820d7b7a72d2a6ce562fd91ff17a514591f2c5
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: neverforget Version: 1.0.4 The skill requests broad filesystem access (`~/`) for its stated purpose of 'full-environment indexing', which is a high-risk capability. However, it explicitly implements strong security measures to prevent data exfiltration by excluding sensitive directories like `~/.ssh`, `~/.aws`, `~/.env`, browser data, and GPG keys from being indexed, as seen in both `SKILL.md` and `package.json`. The install script and agent instructions in `SKILL.md` and `HEARTBEAT.md` are aligned with local memory management and reinforce these security exclusions. While the broad `~/` permission is concerning, the clear and intentional hardening against secrets exposure prevents classification as 'malicious'. The network access is limited to legitimate package and model download sites (pnpm.io, huggingface.co).
- External report
- View on VirusTotal