Memory Evolver

Security checks across malware telemetry and agentic risk

Overview

This skill locally checks OpenClaw memory files and writes an optimization log, which matches its stated purpose and shows no exfiltration or deceptive behavior.

Install this only if you want a local tool to inspect your OpenClaw memory/project files and keep an optimization history. Review the hard-coded Administrator workspace path, back up important memory files if needed, and enable the daily cron schedule only deliberately.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill writes to a fixed filesystem path and overwrites the optimization log without obtaining explicit user confirmation before modifying persistent data. In an agent-skill context, silent writes to a user workspace are security-relevant because they can alter records, destroy previous state on partial failure, or normalize unauthorized persistence even if the content appears benign.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal