Back to skill

Security audit

Mindkeeper

Security checks across malware telemetry and agentic risk

Overview

Mindkeeper is a disclosed versioning helper for AI context files, with expected persistence and rollback abilities that users should understand before enabling.

Install only if you want ongoing version history for AI context and memory files. Review the external mindkeeper-openclaw plugin before approving setup in sensitive environments, avoid storing secrets in tracked context files, and inspect rollback previews carefully before confirming changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Low
Confidence
80% confidence
Finding
The skill instructs the agent to directly edit tracked files while only optionally mentioning that a background watcher may automatically capture and persist those changes. In a context involving sensitive agent memory, identity, or rules files, silent auto-tracking can create privacy and integrity risks by recording edits the user did not realize would be versioned, including accidental secrets or unsafe prompt changes.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.