Back to skill

Security audit

Quick Reminders

Security checks across malware telemetry and agentic risk

Overview

This reminder skill is mostly transparent, but it has review-worthy risks from detached background messaging and an unsafe cleanup path that could delete unintended local files if its state is tampered with.

Install only if you are comfortable with this skill starting short-lived background processes that later send messages using your existing OpenClaw setup. Keep reminder text low-sensitivity, review or protect `reminders.json`, and be cautious using `remove` if that state file could have been edited by something else.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Rogue AgentSelf-Modification, Session Persistence
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs the agent to send reminder text and target identifiers through external messaging channels, but it does not clearly warn that reminder content, chat IDs, phone numbers, or channel identifiers may be disclosed to third-party services. Because reminders can contain sensitive personal details and are delivered out-of-band, users may unknowingly expose private data to external providers or logs.

Session Persistence

Medium
Category
Rogue Agent
Content
---
name: quick-reminders
description: "Zero-LLM one-shot reminders (<48h) via nohup sleep + openclaw message send, operated via {baseDir}/scripts/nohup-reminder.sh."
metadata: {"openclaw":{"emoji":"⏰","requires":{"bins":["jq","openclaw"]}}}
user-invocable: true
---
Confidence
82% confidence
Finding
nohup

Session Persistence

Medium
Category
Rogue Agent
Content
(umask 077; printf '%s' "$text" > "$msg_file")

  # Launch detached worker; message text is read from file at fire time.
  nohup bash -c '
    delay="$1"
    channel="$2"
    target="$3"
Confidence
95% confidence
Finding
nohup

Session Persistence

Medium
Category
Rogue Agent
Content
REMINDERS_JSON="$reminders_json" "$script_path" remove "$reminder_id" 2>/dev/null || true
  ' _ "$DELAY_SECS" "$channel" "$REMINDER_TARGET" "$msg_file" "$SCRIPT_PATH" "$id" "$REMINDERS_JSON" > /dev/null 2>&1 &
  local pid=$!
  disown "$pid" 2>/dev/null || true

  write_json --argjson id "$id" --argjson pid "$pid" --arg text "$text" \
    --arg fires_at "$FIRES_AT" --argjson fires_epoch "$fires_epoch" \
Confidence
94% confidence
Finding
disown

Session Persistence

Medium
Category
Rogue Agent
Content
(umask 077; printf '%s' "$text" > "$msg_file")

  # Launch detached worker; message text is read from file at fire time.
  nohup bash -c '
    delay="$1"
    channel="$2"
Confidence
90% confidence
Finding
Launch detached worker

Tool Parameter Abuse

High
Category
Tool Misuse
Content
if [[ -n "$msg_file" ]]; then
    rm -f "$msg_file"
  else
    rm -f "/tmp/oclaw-rem-${WORKSPACE_KEY}-${id}.msg" "/tmp/oclaw-rem-${id}.msg"
  fi
  write_json --argjson id "$id" '[.[] | select(.id != $id)]'
  echo "ok: reminder #${id} canceled"
Confidence
96% confidence
Finding
rm -f "/tmp/oclaw-rem-${WORKSPACE_KEY}-${id}.msg" "/tmp/

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.