Three Layer Memory + LanceDB Pro

Security checks across malware telemetry and agentic risk

Overview

This memory skill is not deceptive, but it sets up recurring jobs that can scan, summarize, retain, and recall conversation history without clear retention, review, or sensitive-data controls.

Install only if you intentionally want OpenClaw to maintain long-term memory from your conversations. Before enabling autoCapture or cron, review the separate memory-lancedb-pro plugin, decide what must never be stored, add a process to inspect and delete saved memories, and require approval before scheduled tasks modify MEMORY.md, SYSTEM_GUIDE.md, or other persistent agent guidance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The script’s stated role is weekly memory compaction, but it injects an instruction to update SYSTEM_GUIDE.md, which expands its operational scope into broader system configuration or behavior documentation. In an agentic environment, this kind of scope creep can enable unintended persistence or indirect behavioral modification, especially if downstream automation or a user follows HEARTBEAT.md tasks without verifying that they are limited to memory maintenance.

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger phrases include broad memory-related keywords that could cause accidental invocation in unrelated conversations. Unintended activation is risky here because the skill performs persistent capture, summarization, and scheduled maintenance, so a false trigger can lead to unwanted data collection or retention.

Missing User Warnings

High
Confidence: 97%
Finding
The skill description does not clearly warn that it enables automatic capture, scheduled scanning of sessions, persistent summarization, and cleanup/archive behaviors affecting user data. This is dangerous because users may unknowingly expose sensitive conversations to long-term storage, vector indexing, or deletion workflows without informed consent.

Missing User Warnings

Medium
Confidence: 90%
Finding
The script appends operational instructions to HEARTBEAT.md specifically to trigger downstream agent behavior, causing indirect file creation and modification in the workspace without any validation, approval gate, or clear user-facing warning at execution time. In an agent-integrated environment, this creates a prompt-injection-style control channel where scheduled automation can cause persistent state changes and summaries of prior conversations, which may include sensitive content, beyond what a user expects from a shell script.

Ssd 3

Medium
Confidence: 90%
Finding
The architecture explicitly describes broad automatic capture into LanceDB and automated maintenance of summaries and recalls, but it does not specify minimization, consent, exclusion rules, or sensitive-data filtering. In a memory skill, this context makes the issue more dangerous because the core purpose is long-term retention and retrieval of conversational content.

Ssd 3

Medium
Confidence: 94%
Finding
The Micro Sync workflow instructs scanning recent sessions, extracting decisions/content, and appending them into long-term memory files. This creates a clear pathway for persistent retention of potentially sensitive session data, especially since the workflow is automated and recurring rather than user-reviewed each time.

VirusTotal

65/65 vendors flagged this skill as clean.
