Back to skill

Security audit

OpenClaw记忆管理系统v2

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local memory skill, but it asks an agent to repeatedly save and reorganize session history without clear user controls.

Install only if you intentionally want persistent local agent memory across sessions. Before use, set explicit rules for what may be saved, which sessions or topics are excluded, how entries are reviewed, and how memory can be deleted, restored, or prevented from capturing secrets and personal data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill explicitly directs routine overwrites, appends, cleanup, and archival of files under a local workspace, but it does not require explicit user consent, preview, or confirmation before modifying persistent data. This is dangerous because an agent following the instructions could silently alter or destroy local state, including overwriting NOW.md, deduplicating logs, and archiving files, which creates integrity and data-loss risks.

Ssd 3

Medium
Confidence
94% confidence
Finding
The skill's core principle and storage model encourage writing broad conversational content into persistent memory files, effectively treating session content as durable records. This is dangerous because it can capture sensitive user data, credentials, private context, or regulated information without minimization, consent, retention limits, or filtering.

Ssd 3

Medium
Confidence
96% confidence
Finding
The heartbeat workflow instructs the agent to repeatedly scan active session messages and write extracted information into logs and knowledge files on a recurring schedule. In context, this increases danger because the collection is automated and periodic, making silent persistence of sensitive or irrelevant content more likely, while also normalizing continuous surveillance of user interactions.

Ssd 3

Medium
Confidence
93% confidence
Finding
The end-of-day sync directs scanning all sessions to backfill logs, which broadens collection beyond the current task and increases retention of historical conversation data. This is dangerous because it can aggregate sensitive information across sessions into durable storage without context-sensitive consent, making privacy leakage and over-retention more severe.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.