Human-Like Memory Plugin

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed remote long-term memory plugin; the main risk is intentional storage of conversation data on an external service.

Install only if you are comfortable sending conversation content to plugin.human-like.me for long-term storage and retrieval. For cautious use, set addEnabled=false or recallEnabled=false initially, configure a distinct userId for each real user, keep stripPlatformMetadata=true unless needed, and avoid storing secrets, credentials, regulated personal data, or confidential business content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill advertises remote API usage and network-backed memory functionality, but the manifest shown in SKILL.md does not declare corresponding permissions or provide an explicit permission model. Undeclared network capability weakens transparency and informed consent, making it easier for a user or host system to install a plugin that sends data off-box without clearly signaling that behavior.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The registered tools can perform memory search and storage using toolCtx plus fallback identity resolution that ultimately permits generic identities such as a configured shared userId or the hardcoded default 'openclaw-user'. That means a tool call may read from or write to memory that is not strongly bound to the active authenticated user/session, creating cross-user data mixing, unauthorized recall, and privacy breaches in multi-user or shared-agent deployments.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README prominently advertises automatic memory recall and storage via a remote API, but it does not clearly and explicitly warn that user conversations and context may be transmitted off-host to a third-party service before users enable it. In an agent memory plugin, this is security-relevant because operators may assume local-only memory behavior and unintentionally expose sensitive prompts, preferences, or business data to an external provider.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The plugin states that it automatically recalls before each response and automatically stores conversations after each response, while using a remote API, but it does not present a prominent warning that conversation content may be transmitted to and retained by a third-party service. Because this is long-term memory and happens automatically, sensitive prompts, personal data, secrets, or regulated information could be exfiltrated or persist remotely without meaningful user awareness.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The add-memory path sends conversation messages, user identifiers, agent identifiers, session information, and derived metadata to a remote service at plugin.human-like.me. There is no user-facing consent, disclosure, minimization, or opt-in flow in the code, so sensitive conversation history may be exfiltrated off-platform unexpectedly and retained externally.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The memory search path transmits the user's query, user_id, agent_id, conversation_id, scenario, and related metadata to an external API for recall. Even though this is core plugin functionality, the absence of user-visible warning or consent means sensitive prompts can be disclosed to a third party whenever recall runs automatically before prompt build.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The manifest explicitly advertises automatic memory recall and storage, but the file does not define clear activation boundaries, consent flow, or scope limits for when user data is searched or persisted. In a memory plugin, ambiguous automatic invocation increases the risk of collecting or surfacing sensitive conversation history without user awareness or least-privilege controls.

Missing User Warnings

High
Confidence
97% confidence
Finding
This plugin is designed to store and search long-term user conversation data via a remote service, yet the manifest provides no explicit user-facing privacy notice, retention disclosure, or data handling warning. Because the plugin processes potentially sensitive personal and conversational data, the lack of transparent disclosure and consent materially increases privacy, compliance, and data exfiltration risk.

Ssd 3

Medium
Confidence
91% confidence
Finding
The memory_store tool explicitly encourages agents to persist 'important information, user preferences, or key decisions' and then sends that content to remote storage. In an agent skill context, this increases the chance of collecting sensitive personal data or secrets without adequate classification, consent, expiration, or access controls, making over-retention and downstream privacy harm more likely.

VirusTotal

59/59 vendors flagged this skill as clean.
