Self Memory Manager

Security checks across malware telemetry and agentic risk

Overview

This memory skill is not destructive, but it tells the agent to save account/API details and copy an OpenClaw config file into a Desktop notes folder, so it needs review before use.

Install only if you are comfortable with the agent saving local memory files. Before use, remove the config-copy command, prohibit saving secrets, tokens, account details, and raw configuration files, and require explicit approval before the agent writes to or searches the memory folder.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The example command copies `~/.openclaw/openclaw.json` into a desktop archive folder, which likely contains configuration and possibly secrets or tokens unrelated to ordinary memory-management notes. In the context of a self-memory skill, this expands data collection beyond necessary workflow state and encourages persistent storage of sensitive local configuration in an exposed location.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The skill description defines broad triggers such as context thresholds, important information, summaries, and cleanup without clear scope boundaries or exclusions. This can cause the skill to activate in many ordinary situations and perform persistence actions on data the user did not intend to archive.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger '完成重要任务后' is undefined, so the agent could classify many interactions as important and archive them automatically. In a memory-management skill, that ambiguity directly increases the chance of storing sensitive conversation content or operational data without clear user intent.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The usage scenarios include vague triggers like '用户问之前的事' and '每天结束' without documented limits on what may be searched or stored. This makes it easier for the skill to overreach into persistent files and prior conversation data in ways users may not expect.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill explicitly lists '账号信息' and similar sensitive operational details as archive targets, but provides no privacy warning, minimization guidance, or secure handling instructions. Persisting such information to local notes creates a clear confidentiality risk and can expose credentials or personal data through later access, sync, or compromise.

Missing User Warnings

High
Confidence
98% confidence
Finding
The documented command instructs copying a likely sensitive configuration file into a desktop folder without any warning that it may contain credentials or private settings. Desktop folders are commonly less protected and more likely to be backed up, indexed, or casually accessed, increasing exposure.

Ssd 3

Medium
Confidence
97% confidence
Finding
The skill directs the agent to retain sensitive account information and project state in persistent local memory, creating an avoidable long-term data retention risk. In the context of an automated memory workflow, persistent natural-language notes can later leak through file access, backup systems, shared desktops, or accidental reuse in future sessions.

Ssd 3

Medium
Confidence
92% confidence
Finding
The workflow promotes automatic archival of 'important' task information and retrieval from the work folder when prior content is needed, but it lacks sensitivity boundaries. This increases the chance that prior conversation details, internal instructions, or confidential project data are copied into persistent files without adequate review.

Ssd 3

Medium
Confidence
97% confidence
Finding
The example command semantically normalizes placing a configuration file into persistent memory storage, which can capture secrets and machine-specific settings indefinitely. This is especially dangerous in a skill whose purpose is ongoing self-memory management, because it encourages repeated retention of sensitive artifacts as routine workflow.

VirusTotal

64/64 vendors flagged this skill as clean.
