Openclaw Memory Enhancer

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local memory skill, but users should understand that recalled memories may be included in future LLM prompts.

Install this only if you want OpenClaw to retain and reuse local memory across sessions. Do not put secrets, credentials, regulated data, or confidential notes in the memory directory unless you are comfortable with them being persisted, exported, and potentially included in prompts sent to your configured LLM. Review the linked GitHub code before running the referenced Python scripts, since the ClawHub artifact itself only includes documentation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The skill claims that all data remains local and that no data leaves the device, but its own integration example shows recalled memory context being appended to a prompt and sent to an external LLM. That mismatch can cause users to expose stored memories, prior chats, or sensitive notes under a false expectation of privacy.

Missing User Warnings

Medium
Confidence: 88%
Finding
The documentation advertises automatic loading of all files from the memory directory without a prominent warning that this may ingest prior conversation logs or sensitive user data. In a memory/RAG skill, this context increases risk because users may enable it without realizing the breadth of data collection and later retrieval or sharing behavior.

VirusTotal

65/65 vendors flagged this skill as clean.
