OpenClaw Universal Memory
Security checks across malware telemetry and agentic risk
Overview
This is a coherent memory-ingestion skill, but it sends sensitive database and connector operations to package code that is not included in the reviewed bundle.
Install only if you can review and trust the actual openclaw_memory package and connectors it will run. Use a dedicated Postgres database or schema, least-privilege credentials limited to the intended memory tables, avoid putting DSNs with passwords on the command line, and define retention/deletion rules before ingesting email, chat, tasks, or other private data.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.