Back to skill
Skillv0.2.1
VirusTotal security
OpenClaw MongoDB Semantic Memory · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:29 AM
- Hash
- 50fb17dee59a98a4146caa80c7a6a3fd1127c5bce3fc9aab5fda070f3be62905
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-memory-skill Version: 0.2.1 The `SKILL.md` documentation describes a `memory_get` tool that allows the agent to read specific files from its workspace using a `path` parameter. While the examples provided are benign (e.g., `MEMORY.md`), the lack of explicit path sanitization or restriction on the `path` parameter creates a significant information disclosure vulnerability. An attacker could potentially exploit this via prompt injection to instruct the agent to read sensitive files (e.g., configuration files, SSH keys) accessible within the agent's operating environment, even though there is no explicit instruction for exfiltration or other malicious actions within the skill itself.
- External report
- View on VirusTotal