
Security audit

Triple Memory Lake

Security checks across malware telemetry and agentic risk

Overview

This skill appears local-only and purpose-related, but it can copy and retain broad private AI session history without enough scoping or cleanup controls.

Install or run this only if you intentionally want Claude Code session logs and OpenClaw agent metrics copied into a persistent local memory lake. Review and narrow the source paths first, remove secrets from existing logs, inspect generated pattern files before relying on them, and delete the memory directory when you no longer want that history retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (9)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 88%
Finding
The skill documents shell commands that copy data from user home directories and writes the results into a persistent memory tree, but it declares no permissions. That mismatch weakens reviewability and informed consent because a user or platform cannot easily tell that filesystem reads/writes and shell execution are expected capabilities.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 91%
Finding
The skill presents itself as a memory unification utility, but the documented behavior includes reading from sensitive home-directory paths, mining patterns from session data, and persisting derived knowledge such as user preferences and workflow patterns. This description-behavior gap can mislead users about the breadth of collection and retention, increasing the risk of oversharing sensitive data under an apparently routine memory-sync function.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
Importing self-improving metrics from ~/.openclaw/agents into long-term storage can disclose operational history, model behavior, and other potentially sensitive telemetry if done without notice or controls. The risk is amplified because the data is moved from its original context into a consolidated knowledge lake where it may be retained or reused more broadly.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
Importing self-improving metrics from ~/.openclaw/agents into long-term storage can disclose operational history, model behavior, and other potentially sensitive telemetry if done without notice or controls. The risk is amplified because the data is moved from its original context into a consolidated knowledge lake where it may be retained or reused more broadly.

Missing User Warnings

Severity: Medium
Confidence: 81%
Finding
The script copies raw lines containing error-related keywords from source JSONL files directly into markdown output, which can persist sensitive data such as prompts, stack traces, secrets, paths, tokens, or personal information into a new, easier-to-browse location. In this memory-lake context, aggregating data from multiple sources increases the likelihood that confidential content will be unintentionally retained and propagated.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The script copies Claude Code session JSONL files from the user's home directory into a separate memory lake without any notice, consent check, redaction, or access control. Those logs can contain prompts, secrets, API keys, file contents, and other sensitive conversation data, so silently replicating them increases exposure and retention risk if the memory directory is later indexed, shared, committed, or read by other tools.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The script copies per-agent metrics from a user home directory into repository-managed storage without any notice, consent check, allowlist, or sanitization. Even if the source is local, metrics can contain sensitive behavioral, operational, or identifying data, and centralizing them in a shared memory lake increases retention, access, and accidental commit/exfiltration risk.

Ssd 3

Severity: Medium
Confidence: 95%
Finding
Copying complete Claude Code session logs into a memory lake creates a direct data retention and leakage pathway for natural-language content, including private conversations, credentials, proprietary code, or customer data present in sessions. Because the design centralizes and persists those logs, any later access, indexing, or sharing of the memory lake can amplify the blast radius.

Ssd 3

Severity: Medium
Confidence: 90%
Finding
The memory design explicitly consolidates daily logs, user preferences, and long-term memory artifacts, which increases the chance of over-retaining personal or sensitive information beyond its original purpose. Context makes this more dangerous because the skill's purpose is persistent memory aggregation, so the risky retention is not incidental but central to the workflow.

VirusTotal

No VirusTotal findings


Static analysis

No suspicious patterns detected.