Openclaw Token Memory Optimizer

Security checks across malware telemetry and agentic risk

Overview

This skill is a user-directed OpenClaw memory and token optimization guide, with the main caution that optional transcript indexing can expose sensitive past conversations to local search.

Install only if you want OpenClaw memory and token optimization guidance. Before applying examples, review openclaw.json edits, keep cron jobs intentional, save important session context before restarting, and avoid indexing full session transcripts unless you have removed secrets and are comfortable making those conversations searchable later.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill recommends indexing full session transcripts from ~/.openclaw/sessions/*.jsonl for semantic search but does not warn that these files may contain sensitive prompts, secrets, personal data, or prior tool outputs. Making transcript indexing a normal best practice increases the chance that private conversational history is unnecessarily ingested, retained, and surfaced during retrieval.

Missing User Warnings

Low

Confidence: 82% confidence
Finding: The Reset & Summarize workflow tells users to restart the gateway to clear active history, but it does not clearly warn that unsummarized session context may be lost if not persisted first. This is primarily an operational safety issue that can cause accidental loss of working context rather than a direct security compromise.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal