Security audit

Cognitive Brain Deploy

Security checks across malware telemetry and agentic risk

Overview

This looks like a real deployment helper, but it needs review because it makes privileged system changes and installs persistent memory-related jobs with limited user control.

Install only after manually reviewing the script. Use a unique database password, back up any memory data before troubleshooting SQL, verify the Cognitive Brain repository before npm install or hook setup, inspect existing crontab entries, and be comfortable with PostgreSQL, Redis, cron jobs, and OpenClaw hooks persisting on the host.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill advertises shell-based deployment behavior but does not declare permissions, which hides its actual execution capabilities from users and any permission-aware tooling. In a deployment skill that installs software, modifies configuration, and sets up cron/hooks, this mismatch reduces transparency and increases the chance of unreviewed system changes.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The cron duplicate check searches for "brain-forget.cjs", but the installed command is "node scripts/forget.cjs". As a result, the guard never matches and repeated executions of the deploy script will append duplicate cron entries, causing repeated background jobs and possible resource exhaustion or duplicated processing.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The markdown directly instructs users to run a one-click deployment script and configure cron/hooks without any warning that these actions will install software and persistently modify the host system. Because this is specifically a deployment skill for databases, services, scheduled tasks, and hooks, the context makes the omission more dangerous: users are being encouraged to execute privileged, system-altering operations with minimal disclosure or review.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The troubleshooting guidance includes `DROP TABLE memories;` followed by recreation, but does not warn that this irreversibly deletes all stored memory data. In a deployment/troubleshooting skill, operators may copy-paste commands under pressure, so omission of a data-loss warning materially increases the risk of accidental destructive action.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script overwrites config.json with hardcoded database credentials, storing a reusable plaintext password on disk. This creates credential exposure risk and can silently replace safer existing settings, broadening access to the database for any local user or process that can read the file.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script modifies the user's crontab to establish recurring execution without explicit confirmation. In the context of an agent skill, persistent scheduled execution materially increases risk because it causes ongoing code execution after the initial install and may run arbitrary Node scripts from the skill directory indefinitely.

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
$SUDO apt update

    # Node.js 18
    curl -fsSL https://deb.nodesource.com/setup_18.x | $SUDO bash - || error "Node.js 安装失败"
    $SUDO apt install -y nodejs

    # PostgreSQL + Redis
Confidence
96% confidence
Finding
SUDO

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
# PostgreSQL + Redis
    $SUDO apt install -y postgresql postgresql-contrib redis-server git curl

    $SUDO systemctl enable --now postgresql redis

    log "依赖安装完成 ✓"
}
Confidence
90% confidence
Finding
SUDO

Session Persistence

Medium
Category
Rogue Agent
Content
mkdir -p $HOME/.openclaw/logs

    # Check whether the entry has already been added
    if crontab -l 2>/dev/null | grep -q "brain-forget.cjs"; then
        warn "Cron 任务已存在,跳过"
    else
        (crontab -l 2>/dev/null; echo "$CRON_CMD1"; echo "$CRON_CMD2"; echo "$CRON_CMD3") | crontab -
Confidence
95% confidence
Finding
crontab -l

Session Persistence

Medium
Category
Rogue Agent
Content
if crontab -l 2>/dev/null | grep -q "brain-forget.cjs"; then
        warn "Cron 任务已存在,跳过"
    else
        (crontab -l 2>/dev/null; echo "$CRON_CMD1"; echo "$CRON_CMD2"; echo "$CRON_CMD3") | crontab -
        log "Cron 任务添加完成 ✓"
    fi
}
Confidence
95% confidence
Finding
crontab -l

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.