Reminiscence-追忆

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a local memory search tool, but its broad auto-trigger wording could search and reveal private memories after ambiguous requests.

Install only if you want the agent to search your local OpenClaw memory files. Use it for explicit memory/history retrieval, review the generated ~/.openclaw memory index files, and be aware that ambiguous search prompts may activate it unless the trigger rules are tightened.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 80%
Finding
The top-level description says the skill triggers for broad memory-recall scenarios such as '搜一下...' and similar phrasing, which can overlap with normal conversation. Overbroad triggering can cause unintended activation and unnecessary scanning of private memory files, exposing sensitive past content when the user did not clearly request memory retrieval.

Vague Triggers

Medium
Confidence: 89%
Finding
The automatic trigger examples include broad phrases like '查一下 XXX 相关的内容' without constraints or counterexamples. In a memory-search skill, this is risky because it can hijack generic lookup requests and direct them toward private local memory, increasing the chance of accidental disclosure of sensitive notes or diary content.

VirusTotal

67/67 vendors flagged this skill as clean.
