Dream Journal

Security checks across malware telemetry and agentic risk

Overview

This skill is a local dream journal that saves and analyzes dream entries as advertised, with no evidence of hidden network access or unrelated behavior.

Install only if you are comfortable with dream descriptions and derived tags being saved in local OpenClaw workspace memory files. Avoid recording highly sensitive dreams in shared or backed-up workspaces, and review or delete the memory files if you do not want long-term retention.

SkillSpector

By NVIDIA

Vulnerability Patterns

Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill automatically records dream narratives, learned imagery, and statistics to local files, but the description does not clearly warn users that this sensitive, intimate content will be persisted. Because dream journals can contain highly personal psychological, relational, or health-adjacent information, silent storage materially increases privacy and consent risk.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The script persists raw dream content and derived tags to local files under /root/.openclaw/workspace/memory without any notice, consent flow, retention policy, or access controls. Dream journals often contain highly sensitive mental-health, relationship, trauma, or identifying information, so silent long-term storage increases privacy risk if the workspace is shared, backed up, or later exposed.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal