Clever Compact

Security checks across malware telemetry and agentic risk

Overview

This memory plugin does what it says: it saves local session state and restores it later, with the main caution that restored state can influence future agent behavior.

Install only if you want local cross-session memory. Review or delete memory/compact-state-*.md files when needed, keep secrets out of state summaries, and be careful with prompts or documents that might ask the agent to run a memory flush.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
78% confidence
Finding
The skill documentation describes use of environment-derived workspace paths (`OPENCLAW_WORKSPACE`) and local file access, but the manifest shown in `SKILL.md` does not declare corresponding permissions or capabilities. Undeclared env-sensitive behavior reduces transparency and weakens user/admin ability to evaluate what the plugin can access before installation.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The manual trigger phrase, 'Run a Clever Compact flush,' is broad natural language that could be invoked unintentionally or by prompt injection inside ordinary content. Because it causes durable state writes, an attacker or untrusted document could coerce the agent into persisting manipulated or sensitive content into future sessions.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill automatically injects prior state as system context on session start, but the description does not foreground this as a major trust-boundary change. Automatic system-context restoration can reintroduce stale, poisoned, or sensitive content with elevated authority in later sessions, especially after prompt injection or prior compromise.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The plugin persists session summaries to disk automatically in a predictable workspace location, but this file contains no user-facing consent, notice, or access control. Even though it warns not to store secrets, summaries can still contain sensitive project data, and writing them unencrypted to disk increases exposure to local users, other tools, backups, or later unintended reuse.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The plugin automatically reads the most recent state file and prepends its contents into system context at session start without an explicit warning or approval step. This can reintroduce stale, sensitive, or attacker-influenced content into a privileged prompt position, potentially affecting model behavior and leaking prior-session data across resets in ways the user may not expect.

Session Persistence

Medium
Category
Rogue Agent
Content
**Session restore (automatic):** At the start of every session — including after `/new` and after compaction — Clever Compact checks for a recent compact-state file. If one exists (written within 72 hours), it injects the content as system context on the **first turn only**. Your agent wakes up oriented with zero per-turn token overhead.

**State write (triggered by you):** OpenClaw doesn't expose a pre-compaction lifecycle hook yet, so the write side is explicit — not automatic. Three ways to trigger it; pick one (see below).

---
Confidence
88% confidence

VirusTotal

64/64 vendors flagged this skill as clean.
