Mnemon Memory

Security checks across malware telemetry and agentic risk

Overview

Mnemon is a disclosed persistent-memory integration, but users should understand it installs OpenClaw hooks that can affect future agent behavior.

Install only if you want persistent cross-session memory for OpenClaw. Before running setup, review or trust the upstream mnemon package, inspect the generated OpenClaw hook/plugin settings after installation, avoid saving secrets, and use forget, gc, store removal, or eject controls when you no longer want stored memories or installed hooks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill instructs users to run a setup command that writes into agent skill, hook, plugin, and prompt directories under the user's home directory, but it does not present this as a potentially security-relevant modification to the local agent environment. Because these installed hooks/plugins can influence agent behavior on bootstrap and per-message events, the omission reduces informed consent and can lead users to install persistent behavior-changing components they did not fully understand.

Missing User Warnings

Low
Confidence: 80%
Finding
The uninstall/eject command removes previously installed components from the local agent environment, but the skill does not clearly warn that it may delete hooks, plugins, prompts, or related configuration. This can cause accidental loss of configuration or confusion about what state will be removed, especially in shared or customized agent setups.

VirusTotal

66/66 vendors flagged this skill as clean.
