Cogmem Memory

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent memory-backend integration, but it asks OpenClaw to automatically capture and reuse sensitive conversation and workspace memory with limited retention and consent guidance.

Install only if you want cogmem to become a durable memory layer for OpenClaw. Prefer pinning a specific commit, run the dry-run import first, review which profile and session files will be imported, and avoid enabling the --auto wrapper until you are comfortable with future conversations and possibly tool events being stored and recalled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 90%
Finding
The `--auto` flow modifies host plugin loading and explicitly enables `hooks.allowPromptInjection=true` and `hooks.allowConversationAccess=true`, which expands the agent's access to prompts and conversation content. While the behavior is described, it is not presented as a clear warning/consent boundary before the command, so operators may enable sensitive hooks without appreciating the security and privacy implications.

Ssd 3

Medium
Confidence: 87%
Finding
These instructions wire automatic turn capture and recall into runtime hooks, including queued durable recording of agent/user exchanges and potentially tool calls, tool results, and task events. Without clear minimization, scoping, or retention controls, this can cause over-collection of sensitive conversation data and make later recall surface information beyond what is necessary for a given task.

Ssd 3

Medium
Confidence: 89%
Finding
The importer ingests broad categories of workspace files such as user profiles, persona documents, memory summaries, daily memories, and session/conversation logs into a semantic memory system for later retrieval. In this context, bulk ingestion increases the chance that sensitive personal, operational, or historical content will be embedded and resurfaced in unrelated contexts, creating privacy and data-leak risk.

VirusTotal

64/64 vendors flagged this skill as clean.
