Cortex Memory

Security checks across malware telemetry and agentic risk

Overview

This is a coherent memory skill, but it asks for broad agent authority and can persist detailed technical conversation data to an external Cortex service by default.

Install only if you are comfortable sending conversation-derived facts to Cortex and having them reused in later sessions. Prefer the selective Cortex tool allowlist over `tools.profile full`, pin or review the external plugin version where possible, store the Cortex API key securely, and disable auto-capture or use the audit/forget controls for sensitive work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

Medium, 90% confidence
Finding
The skill is presented as a long-term memory capability, but it also instructs the agent to execute local `openclaw cortex ...` CLI commands for live state, pairing, and setup actions. That expands the skill from passive memory operations into host-side command execution, increasing attack surface and creating a path for unintended local actions that are not necessary for the core memory function.

Context-Inappropriate Capability

Medium, 87% confidence
Finding
The terminal-based live inspection and pairing/setup instructions are not well aligned with the stated purpose of a memory skill. Even if the commands are mostly informational, normalizing shell access inside a memory-focused skill can blur trust boundaries and make it easier for an agent to perform sensitive environment actions under the guise of routine memory assistance.

Vague Triggers

Medium, 80% confidence
Finding
The explicit-save trigger is broad enough to fire on many ordinary technical responses, pushing the agent to persist detailed implementation facts by default. This increases the chance of over-collection, storage of sensitive project details, and retention of information the user may not have intended to make long-term, especially because the rule is framed as mandatory after routine technical discussion.

VirusTotal

64/64 vendors flagged this skill as clean.