Unified Memory V5

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This appears to be a real memory-management skill, but it has under-declared automatic persistence, an install-time script, and possible session-state handling that users should review before installing.

Review the source and install path before using this skill. In particular, verify what conversation data is automatically saved, whether session-state files are ever transmitted, and do not run npm install until the missing install.sh and related source files are supplied and reviewed.

Static analysis

Dangerous exec

Critical
Finding
Shell command execution detected (child_process).

Env credential access

Critical
Finding
Environment variable access combined with network send.

Exposed secret literal

Critical
Finding
File appears to expose a hardcoded API secret or token.

Potential exfiltration

Warn
Finding
Sensitive-looking file read is paired with a network send.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Private details from conversations may persist and be reused in later agent contexts without a clear per-item approval flow.

Why it was flagged

The code describes automatically extracting important interaction data, storing it in the memory system, and pushing it to an OpenClaw index.

Skill content
Automatically after each important interaction:
 * 1. Extract key information and store it in unified-memory
 * 2. Push it to the OpenClaw index
Recommendation

Install only if you want persistent automatic memory; verify capture rules, deletion controls, retention settings, and whether indexing can be disabled.

What this means

Following npm-based install instructions could execute an unreviewed shell script or fail because the referenced installer is missing.

Why it was flagged

npm install lifecycle scripts run automatically, but the submitted manifest does not include install.sh and the registry says there is no install spec.

Skill content
"install": "./install.sh"
Recommendation

Do not run npm install for this package until the publisher supplies the install script/source, pins the install behavior, and declares it in the install spec.

What this means

If the flagged code path is active, local session or authentication state could be read and transmitted outside the local memory store.

Why it was flagged

The static scan reports this session-state file read is paired with a network send, while the metadata declares no credentials or sensitive session access.

Skill content
const content = readFileSync(SESSION_STATE_FILE, 'utf-8');
Recommendation

Require a source review of the SESSION_STATE_FILE code path and any network destination before granting this skill access to local sessions or credentials.

What this means

A malicious or compromised plugin in that directory could affect the memory system.

Why it was flagged

The documented plugin system can hot-reload plugins from a user-home directory, which is purpose-aligned extensibility but increases code-execution trust requirements.

Skill content
"plugins": {
  "dir": "~/.unified-memory/plugins",
  "autoReload": true,
  "enabled": ["sync-workspace"]
}
Recommendation

Keep plugin auto-reload disabled unless needed and install plugins only from trusted, reviewed sources.

What this means

If enabled on a networked machine without authentication or firewalling, stored memories could be reachable by other systems.

Why it was flagged

The docs show a configuration that binds the memory service to all network interfaces, which can be appropriate for a server but may expose memory APIs if not protected.

Skill content
export UNIFIED_MEMORY_PORT=3851
export UNIFIED_MEMORY_HOST=0.0.0.0
Recommendation

Prefer localhost binding unless remote access is required, and add authentication/firewall protections for any exposed memory API.