Auto Memory Distiller

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but it can continuously read private conversation logs, send them to Gemini, and store long-term memory without clear user controls.

Install only if you are comfortable with OpenClaw session logs being processed by Gemini and summarized into persistent local memory files. Prefer manual runs first, use a dedicated Gemini key, review generated files in ~/.openclaw/workspace/memory/topics, and add session exclusions or local redaction before enabling cron or heartbeat automation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill explicitly describes itself as running silently in the background and continuously transforming conversation logs into persistent memory, but it does not clearly disclose this as an ongoing privacy-sensitive operation or obtain explicit user consent. This creates a real transparency and privacy risk because users may not realize their conversations are being continuously processed and stored long-term.

Missing User Warnings

High
Confidence: 97%
Finding
The documentation instructs users to configure a Gemini API key and states the script uses Gemini API, but it does not warn that conversation content may be sent to a third-party external service for analysis. In a memory-distillation skill handling long conversation logs, undisclosed external transmission materially increases confidentiality, privacy, and compliance risk.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill sends session conversation contents to an external Gemini API for processing without any explicit user consent, warning, or scoping controls. Because the source data comes from agent session logs, it may contain sensitive prompts, code, configuration details, tokens, or personal data, making this a real privacy and data-exfiltration risk.

Ssd 3

Medium
Confidence: 97%
Finding
The prompt explicitly instructs the model to extract and preserve facts, decisions, code snippets, and configuration details from user session logs into long-term memory files. In this skill context, that is dangerous because it can persist sensitive operational knowledge from private sessions and amplify the impact of accidental secret capture, especially since the redaction requirement is delegated to the external model rather than enforced locally.

VirusTotal

65/65 vendors flagged this skill as clean.
