A powerful memory management system powered by ReMe that provides persistent cross-session memory, automatic user preference application, and intelligent context compression for OpenClaw.

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate memory skill, but it persistently records and reapplies user/session information with weak consent, retention, and sensitivity controls.

Install only if you intentionally want durable cross-session memory. Before enabling it, decide what must never be stored, review and purge the .reme, MEMORY.md, and memory/ files regularly, avoid storing secrets or sensitive personal data, and require explicit confirmation before auto-sending generated files or saving broad session summaries.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (9)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The README promotes persistent cross-session memory and automatic application of user preferences without any visible warning about privacy, retention, consent, or handling of sensitive data. In a memory-management skill, this omission is security-relevant because operators may enable long-term storage of personal or behavioral data by default without understanding the privacy and data-governance implications.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill centers on cross-session persistence of user preferences and conversation-derived memory, yet it does not clearly warn that user data may be stored beyond the current session. This creates a privacy and consent risk because users may reveal sensitive information assuming ephemeral handling while the skill encourages durable retention.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The examples direct automatic updates to MEMORY.md and dated summary files without an explicit notice that the skill will modify local persistent files. Silent file modification is risky because it can surprise operators, create unreviewed records of user content, and make later data handling harder to audit.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The guidance instructs the agent to automatically send generated files immediately, with wording like 'ALWAYS send', but does not require confirming the recipient still wants the file delivered or checking whether the file contains sensitive content. In a cross-session memory skill, stored preferences can be stale, inferred, or overly broad, so automatic transmission increases the risk of unintended disclosure of generated artifacts or embedded sensitive data.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The script forwards arbitrary user-provided content into a long-term memory store via `reme.summary_memory(messages=messages)` without any consent prompt, sensitivity warning, or filtering. In a memory-persistence skill, this is materially risky because users may provide secrets, personal data, or sensitive instructions that then persist across sessions and could be resurfaced later unintentionally.

Ssd 3

Medium

Confidence: 96% confidence
Finding: The skill promotes broad persistent storage of user preferences, habits, events, and summaries across sessions without meaningful data minimization rules. This is dangerous because sensitive personal, behavioral, or contextual information can be accumulated and later resurfaced, increasing privacy exposure and the blast radius of any compromise or misuse.

Ssd 3

Medium

Confidence: 95% confidence
Finding: The workflow instructs the system to turn user corrections and feedback into long-term memory entries for future reuse. Without constraints, this creates a natural-language logging channel that can capture sensitive or manipulative content and cause it to influence future sessions in ways the user did not specifically approve.

Ssd 3

Medium

Confidence: 97% confidence
Finding: Session-end extraction of key events and summary writing creates a broad persistent log of conversation content. That is dangerous because it can capture far more information than needed, including sensitive requests, identities, and operational details, then make them retrievable in future contexts.

Ssd 3

Medium

Confidence: 92% confidence
Finding: The best-practice guidance says to load memory and apply stored preferences at the start of every session. This increases the chance that stale, sensitive, or adversarially seeded memory is reintroduced into unrelated future tasks, potentially affecting behavior without fresh user confirmation.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal