Lovefromio Elite Longterm Memory

Security checks across malware telemetry and agentic risk

Overview

This memory skill does what it claims, but it asks agents to retain conversation details broadly and can route memory to third-party services without enough privacy boundaries.

Install only if you want the agent to keep durable memory across sessions. Before enabling it, set explicit rules forbidding storage of secrets, credentials, private customer data, and regulated information; review and prune memory files regularly; use a secret manager rather than shell startup files for API keys; and enable OpenAI, SuperMemory, or Mem0 only after accepting that selected memory or conversation content may be sent to those providers.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
Rogue AgentSelf-Modification, Session Persistence
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (15)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The README promotes optional cloud backup and external memory services as core features without clearly warning that agent memory may contain sensitive user, project, or credential-adjacent context that could be transmitted off-device. In an AI memory skill, this omission is security-relevant because users may enable syncing under the assumption that it is purely local persistence.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The instruction to enable OpenAI-backed memory search tells users how to turn on an external provider but does not disclose that workspace context, prompts, or memory content may be sent to OpenAI for indexing or retrieval workflows. Because this skill is explicitly designed to retain long-term agent context, the omitted warning increases the chance of unintentional disclosure of proprietary or sensitive information.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The Mem0 example explicitly calls client.add(messages) and client.search(query) against an external API yet does not warn that raw conversation messages and derived memories may be uploaded and processed by a third party. In the context of a long-term memory system for coding agents, those messages can easily include confidential source code, internal discussions, tokens, or customer data, making the omission materially dangerous.

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The instruction to 'Write BEFORE responding' on user input is overly broad and lacks clear scoping for what kinds of user content may be persisted. In a memory skill, this creates a real risk of indiscriminate retention of sensitive conversation details, credentials, or regulated data without filtering or consent.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill markets itself as a memory system but does not prominently warn that user conversation details may be automatically written to local files and memory systems. That omission matters because users may disclose sensitive information without understanding that it will be retained across sessions.

Missing User Warnings

High

Confidence: 96% confidence
Finding: The skill recommends optional cloud backup and third-party memory services, including SuperMemory and Mem0, but does not provide a strong warning that conversation-derived context may be sent to external providers. This increases privacy and data-governance risk, especially for enterprise, confidential, or regulated workflows.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The destructive deletion command is presented as a maintenance command with only informal wording ('nuclear option') and no strong warning about irreversible data loss. Users or agents may execute it without understanding that all stored vector memory will be removed.

Ssd 3

Medium

Confidence: 94% confidence
Finding: These instructions tell the agent to broadly and automatically persist user-provided details across multiple memory layers, including preferences and decisions, with little minimization guidance. In context, this creates systematic overcollection and long-lived retention of user data, which is a real security and privacy concern rather than a mere feature description.

Ssd 3

Medium

Confidence: 95% confidence
Finding: The WAL protocol explicitly requires writing user statements to persistent memory before responding, encouraging capture of raw details prior to any safety or sensitivity assessment. That ordering increases the chance that secrets or personal information are stored immediately and propagated before the agent can redact or decline.

Ssd 3

Medium

Confidence: 92% confidence
Finding: Automatic fact extraction from conversations is recommended as a default-like enhancement, but the text does not pair that recommendation with meaningful privacy constraints. This can lead to broad collection, inference, and retention of user attributes and conversation details beyond what is necessary for task completion.

Session Persistence

Medium

Category: Rogue Agent
Content: ```bash export SUPERMEMORY_API_KEY="your-key" # Add to ~/.zshrc for persistence ``` ## Agent Instructions
Confidence: 83% confidence
Finding: Add to ~/.zshrc

Session Persistence

Medium

Category: Rogue Agent
Content: - [ ] ... ``` **Rule:** Write BEFORE responding. Triggered by user input, not agent memory. ### Layer 2: WARM STORE (LanceDB Vectors) **From: lancedb-memory**
Confidence: 88% confidence
Finding: Write BEFORE responding. Triggered by user input, not agent memory. ### Layer 2: WARM STORE (LanceDB Vectors) **From: lancedb-memory** Semantic search across all memories. Auto-recall injects releva

Session Persistence

Medium

Category: Rogue Agent
Content: User: "Let's use Tailwind for this project, not vanilla CSS" Agent (internal): 1. Write to SESSION-STATE.md: "Decision: Use Tailwind, not vanilla CSS" 2. Store in Git-Notes: decision about CSS framework 3. memory_store: "User prefers Tailwind over vanilla CSS" importance=0.9 4. THEN respond: "Got it — Tailwind it is..."
Confidence: 86% confidence
Finding: Write to SESSION-STATE.md: "Decision: Use Tailwind, not vanilla CSS" 2. Store in Git-Notes: decision about CSS framework 3. memory_store: "User prefers Tailwind over vanilla CSS" importance=0.9 4. THE

Tool Parameter Abuse

High

Category: Tool Misuse
Content: memory_recall query="*" limit=50 # Clear all vectors (nuclear option) rm -rf ~/.openclaw/memory/lancedb/ openclaw gateway restart # Export Git-Notes
Confidence: 89% confidence
Finding: rm -rf ~

Tool Parameter Abuse

High

Category: Tool Misuse
Content: memory_recall query="*" limit=50 # Clear all vectors (nuclear option) rm -rf ~/.openclaw/memory/lancedb/ openclaw gateway restart # Export Git-Notes
Confidence: 89% confidence
Finding: rm -rf ~/.openclaw/memory/lancedb/

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal