OpenClaw Memory Upgrade

Security checks across malware telemetry and agentic risk

Overview

This memory guide is coherent, but it should be reviewed because it encourages automatic long-term storage and search of conversations, including secrets and personal details, without enough controls.

Install only if you intentionally want cross-session searchable memory. Before applying it, remove API keys, tokens, contact details, and other sensitive data from capture prompts; disable or narrow auto-capture; set explicit retention and deletion rules; and review any external memory plugins before installation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (7)

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding
The memoryFlush prompt explicitly instructs the agent to persist broad categories of sensitive data, including API keys, contact information, file paths, and user preferences, into long-term storage without consent, minimization, or redaction. This creates a clear privacy and secret-retention risk because highly sensitive conversational data can be written to durable files automatically during compaction.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
Enabling sessionMemory and searching past session transcripts makes historical conversations persistently searchable, but the skill provides no user-facing disclosure about transcript retention or searchability. This increases the risk that private discussions, credentials, or regulated data from prior sessions are silently retained and resurfaced later.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The manual memory guidance instructs the agent to write important events to persistent files and distill them into MEMORY.md, but it does not restrict what kinds of information may be stored. In practice, this encourages durable storage of potentially sensitive user, project, and operational data without safeguards or user awareness.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The Mem0 section recommends autoCapture and autoRecall of conversation-derived facts without warning that user data will be automatically persisted and later resurfaced. Automatic semantic capture broadens the privacy risk because users may not realize their statements are being stored beyond the immediate session.

Ssd 3

Severity: High
Confidence: 99%
Finding
This prompt directly instructs the system to save highly sensitive material such as API keys and contact information into memory files, which is a strong secret-handling failure. Persisting secrets and PII into long-term searchable storage materially increases the chance of later exposure through logs, indexing, plugin access, or accidental disclosure.

Ssd 3

Severity: Medium
Confidence: 92%
Finding
The session instructions require routine persistence of 'important' conversation content into daily and long-term memory files without any sensitivity screen. Because the process is ongoing and foundational to the skill, sensitive material can easily be retained indefinitely and later exposed through search or recall features.

Ssd 3

Severity: Medium
Confidence: 93%
Finding
Describing Mem0 as automatically capturing important facts 'without being told' creates a broad and underspecified retention mechanism for user data. That semantic capture can include information users did not intend to preserve, making accidental storage of sensitive or regulated content more likely.

VirusTotal

66/66 vendors flagged this skill as clean.
