Security audit

Mindkeeper

Security checks across malware telemetry and agentic risk

Overview

Mindkeeper is a disclosed versioning helper for AI context files, with expected persistence and rollback abilities that users should understand before enabling.

Install only if you want ongoing version history for AI context and memory files. Review the external mindkeeper-openclaw plugin before approving setup in sensitive environments, avoid storing secrets in tracked context files, and inspect rollback previews carefully before confirming changes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 80% confidence
Finding: The skill instructs the agent to directly edit tracked files while only optionally mentioning that a background watcher may automatically capture and persist those changes. In a context involving sensitive agent memory, identity, or rules files, silent auto-tracking can create privacy and integrity risks by recording edits the user did not realize would be versioned, including accidental secrets or unsafe prompt changes.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.