Back to skill

Security audit

Memory Management (PARA)

Security checks across malware telemetry and agentic risk

Overview

This skill has a legitimate memory-maintenance purpose, but it can rewrite persistent agent memory and delete raw logs without clear review or rollback controls.

Install only if you want an agent to maintain long-term OpenClaw memory. Keep it manually invoked or require reviewable diffs before enabling automation, and make backups before allowing updates to core memory files or deletion of processed logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The documented trigger phrases are broad and not scoped with confirmation, authorization, or environmental constraints, so the skill may activate during ordinary conversation or maintenance-like prompts. In a memory-management skill that scans and updates workspace files, unintended activation can lead to unsolicited file reads and writes, making this a real safety issue even if the goal is legitimate automation.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README states that the agent will scan the memory directory, extract insights, and merge them into master files, but it does not clearly warn users that the skill performs data-impacting reads and writes. For a persistence-oriented memory skill, this omission is dangerous because users may invoke it without understanding that it can alter long-term knowledge stores, propagate mistakes, or preserve sensitive information beyond the original context.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs deletion of original memory log files after appending them to an archive, but it provides no user confirmation, rollback mechanism, integrity verification beyond a vague 'confirm append succeeded,' or warning about irreversible data loss. In a memory-maintenance skill operating on user history, this creates a real risk of accidental destruction of primary records if archiving is partial, corrupted, misrouted, or incorrectly deduplicated.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.