Ecloud Long Term Memory

Security checks across malware telemetry and agentic risk

Overview

This is a real cloud memory integration, but it asks for powerful credentials, stores raw personal memories remotely, and adds local persistence and agent-rule changes that users should review carefully.

Install only if you intentionally want personal memories and memory search queries sent to China Mobile eCloud and are comfortable providing cloud AK/SK credentials. Use least-privilege credentials, keep the generated .env out of version control, review or disable local logging, and avoid storing highly sensitive information unless the service's retention and deletion controls meet your needs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection

Findings (18)

Intent-Code Divergence

High

Confidence: 97% confidence
Finding: The skill first forbids local persistence of user information and internal memory updates, then later requires recording configuration details into `AGENTS.md` or internal memory. This contradiction can cause an agent to persist sensitive identifiers outside the intended cloud store, defeating the stated privacy boundary and creating unintended local retention of personal/configuration data.

Context-Inappropriate Capability

Medium

Confidence: 92% confidence
Finding: The skill's declared purpose is cloud-based long-term memory operations, but it additionally instructs the agent to modify local rule files and internal memory. That expands behavior beyond the user's expected task scope and creates an avenue for unauthorized persistence or configuration drift in the host environment.

Context-Inappropriate Capability

Medium

Confidence: 92% confidence
Finding: The skill searches for credentials in multiple local and home-directory .env files, including paths outside the skill’s own directory. That broadens its access to secrets beyond what is strictly required for the declared memory-service purpose and creates a risk of harvesting or unintentionally consuming unrelated credentials from the host environment.

Context-Inappropriate Capability

Low

Confidence: 81% confidence
Finding: The skill creates a persistent local log file and records operational details such as host, user/library identifiers, request URLs, and truncated responses. For a memory skill handling personal data, persistent local logging increases the chance that sensitive metadata or memory content will be exposed to other local users, backups, or forensic recovery.

Vague Triggers

High

Confidence: 91% confidence
Finding: The trigger rules are extremely broad and mandatory, covering common conversational statements like name, age, likes, and recall questions. In a memory skill handling personal data, overly broad invocation increases the chance that routine dialogue is automatically sent to external storage without clear user intent or contextual consent.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The skill instructs the agent to collect AK/SK credentials and use them for configuration, but provides no strong warning about credential sensitivity, safe handling, masking, storage restrictions, or the risks of sharing secrets in chat. Because these are cloud credentials, mishandling could enable account compromise or unauthorized access to the user's cloud resources.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The document requires recording configuration summaries locally or in internal memory but does not discuss the privacy and security implications of persisting identifiers. Even if AK/SK are not explicitly retained, storing user IDs and library IDs locally still creates unnecessary durable metadata that may expose account structure or link sessions to a person.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The manifest explicitly describes a cloud-backed long-term memory system that stores and searches user memories, including personal information, but provides no user-facing notice, consent language, or data handling disclosure. In a memory skill whose core purpose is transmitting sensitive personal content off-device, that omission creates a real privacy risk because users may unknowingly disclose PII to a remote service.

Missing User Warnings

High

Confidence: 97% confidence
Finding: The save_memory function is defined to send the user's original message directly to cloud storage, and the skill description says it should capture names, ages, professions, and preferences. Because this directly handles highly sensitive personal data without any explicit warning, minimization, redaction, or consent mechanism, accidental exfiltration of PII to a third party is a substantial privacy and compliance risk.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The saveMemory function sends user memory content, which the skill description says may include names, age, occupation, and preferences, to a remote cloud service without any in-band warning, consent, or confirmation. Because this skill is specifically designed to collect long-term personal memory, undisclosed transmission materially raises privacy and compliance risk.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The searchMemory function transmits user queries to a remote service without explicit disclosure. Search terms can themselves contain sensitive personal facts or reveal user interests, so remote processing without transparency exposes private information beyond user expectations.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The script writes the Access Key and Secret Key directly into a project .env file, creating a persistent plaintext copy of credentials. Even with restrictive file mode 0600, this is still risky because .env files are commonly copied, backed up, committed by mistake, or exposed through local tooling, and the script does not explicitly warn the user before storing secrets this way.

Ssd 3

High

Confidence: 98% confidence
Finding: The skill directs the agent to persist cloud configuration details beyond the immediate task flow, including user and library identifiers, and suggests local files or internal memory as storage locations. In the context of a memory skill already handling sensitive personal data and cloud credentials, this increases long-term exposure and widens the blast radius of compromise.

Ssd 3

Medium

Confidence: 90% confidence
Finding: Requiring storage of the user's complete original statements means the system may retain far more personal or sensitive data than needed, including incidental identifiers, health, financial, or other confidential details embedded in natural language. In a long-term memory context, this raises privacy risk and makes over-collection more likely than extracting only the minimally necessary fact.

Credential Access

High

Category: Privilege Escalation
Content: } function getEnvPaths() { const paths = [path.join(__dirname, '.env')]; // 当前 skill 目录优先 paths.push(path.join(__dirname, '..', '.env')); // 判断当前目录是否包含 mobileclaw
Confidence: 88% confidence
Finding: .env'

Credential Access

High

Category: Privilege Escalation
Content: function getEnvPaths() { const paths = [path.join(__dirname, '.env')]; // 当前 skill 目录优先 paths.push(path.join(__dirname, '..', '.env')); // 判断当前目录是否包含 mobileclaw const cwd = process.cwd();
Confidence: 88% confidence
Finding: .env'

Credential Access

High

Category: Privilege Escalation
Content: const cwd = process.cwd(); const isMobileClaw = cwd.includes('mobileclaw'); if (isMobileClaw) { paths.push(path.join(os.homedir(), '.config', 'mobileclaw', '.env')); } // else { // paths.push(path.join(os.homedir(), '.openclaw', '.env'));
Confidence: 94% confidence
Finding: .env'

Credential Access

High

Category: Privilege Escalation
Content: // 1. 进程环境变量优先 if (process.env[key]) return process.env[key]; // 2. 按优先级读取 .env 文件 const envPaths = getEnvPaths(); for (const envPath of envPaths) { if (fs.existsSync(envPath)) {
Confidence: 90% confidence
Finding: .env

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal