Miremo Research Skill

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Miremo integration that lets OpenClaw search and create the user's notes using a user-provided API key.

Install only if you want OpenClaw to access your Miremo knowledge base. Use a dedicated Miremo API key if possible, keep the OpenClaw config out of version control and backups you do not trust, verify the MCP URL is official or a local server you control, and revoke the key if you stop using the skill.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The README instructs users to place a live Miremo API key directly into a local JSON config file, but it does not warn that this stores a long-lived credential in plaintext on disk. If the workstation is compromised, backups are exposed, or the config is accidentally shared, the key can be reused to access the user's Miremo data through the MCP server.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal