Synthetic Supermemory

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for persistent agent memory, but it needs review because it can repeatedly process private transcripts and send derived content to external services.

Install only if you intentionally want automated long-term memory over OpenClaw sessions. Use dedicated low-privilege API keys, set --provider explicitly, start with dry runs, review or redact memory files before upload, avoid broad all-session cron until trusted, and know how to remove the cron entries and revoke keys.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill declares required environment variables in metadata and instructs use of API keys, but the static finding indicates there is no explicit permission declaration corresponding to those capabilities. In a skill that persists transcripts to disk and sends summaries to external services, undeclared env/code capabilities reduce transparency and can cause the skill to be invoked with more access than users expect.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The description includes very broad trigger language such as requests about memory, recall, and long-term context, which can cause the skill to activate in many situations involving sensitive conversational data. Because this skill stores session-derived memories and transmits summaries to external providers, overbroad activation materially increases accidental collection and disclosure risk.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The document explicitly describes append-only transcript storage under the user's home directory for agent sessions, and this skill's purpose is long-term memory ingestion and semantic recall across sessions. Because transcripts can contain highly sensitive prompts, tool inputs, secrets, and personal data, documenting and operationalizing persistent local storage without privacy, retention, or access-control guidance increases the risk of accidental exposure and over-collection.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script sends the user-supplied container identifier and recall query to the external Supermemory service via client.profile() without any runtime disclosure, consent flow, or data-minimization guardrails. In a memory skill, those fields can encode sensitive agent identity, project names, recent work, or other contextual metadata, so silent transmission to a third party creates a real privacy and data-governance risk even if the behavior is functionally intended.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script sends conversation transcript content to OpenAI or Anthropic for summarization, but there is no explicit consent gate, notice, redaction policy, or scope limitation beyond ad hoc text stripping. Because transcripts can contain sensitive user data, this creates a real privacy and data-governance risk through third-party disclosure.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script can upload generated memory entries to the external Supermemory service whenever SUPERMEMORY_API_KEY is present, with no runtime confirmation or content classification. Even though the uploaded content is summarized rather than raw, it still contains session-derived facts, decisions, paths, and names, making unauthorized external retention and cross-session exposure a significant privacy risk.

Ssd 3

Medium
Confidence
88% confidence
Finding
The prompt explicitly instructs the model to extract and retain specific facts such as names, versions, paths, decisions, and outcomes into persistent memory documents. In a long-term memory skill this is functionally intended, but it still creates a real data-retention vulnerability when sensitive or unnecessary user-provided details are preserved without minimization rules or consent boundaries.

Ssd 3

High
Confidence
95% confidence
Finding
This code sends persistent session-derived memories to a third-party semantic memory platform, increasing the sensitivity of the retention behavior because data leaves the local environment and becomes searchable across sessions. In the context of a memory skill, this is the core feature, but it is still dangerous if users or operators have not explicitly approved externalization of potentially sensitive conversation content.

Session Persistence

Medium
Category
Rogue Agent
Content
node scripts/recall.js --container my-agent
```

## Cron setup (add via `crontab -e`)

```bash
# Scribe active sessions hourly
Confidence
94% confidence
Finding
crontab -e

Session Persistence

Medium
Category
Rogue Agent
Content
cd /path/to/skills/synthetic-supermemory && npm install

# Store keys securely (do NOT put secrets in crontab)
mkdir -p ~/.openclaw/secrets
echo "sk-your-openai-key" > ~/.openclaw/secrets/scribe-key && chmod 600 ~/.openclaw/secrets/scribe-key
echo "sm-your-supermemory-key" > ~/.openclaw/secrets/supermemory-key && chmod 600 ~/.openclaw/secrets/supermemory-key
Confidence
70% confidence
Finding
mkdir -p ~/.openclaw/secrets
echo "sk-your-openai-key" > ~/.openclaw/secrets/scribe-key && chmod 600 ~/.openclaw/secrets/scribe-key
echo "sm-your-supermemory-key" > ~/.openclaw/secrets/supermemory-key

VirusTotal

54/54 vendors flagged this skill as clean.
