Openclaw Auto Dream Lite

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local memory-consolidation skill that can schedule recurring updates to workspace memory files.

Install only if you want an agent to periodically read and update MEMORY.md and files in memory/. Review those files for sensitive content first, and create the cron job only in workspaces where automatic local memory edits are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 88%
Finding:
The manifest description uses very broad trigger phrases such as 'auto memory', 'dream', and 'memory consolidation', which can match common user requests unrelated to this specific skill. Over-broad activation increases the chance the agent will invoke the skill in unintended contexts, potentially causing unsolicited reads/writes to memory files or autonomous scheduling behavior without sufficiently explicit user intent.

Missing User Warnings

Medium
Confidence: 91%
Finding:
The prompt explicitly instructs the agent to append to `memory/dream-log.md` and move/archive older entries, which causes persistent local file modifications without any explicit user confirmation or prominent warning in the skill behavior. In a memory-management skill this is partly expected, but the automatic write/append/archive behavior still creates integrity and privacy risk because it can alter or reorganize user data silently on recurring runs.

Natural-Language Policy Violations

Medium
Confidence: 84%
Finding:
Forcing all output into a language inferred from workspace files overrides user choice and may reveal that the agent inspected local context to infer preferences. While not severe on its own, it can lead to confusion, incorrect language selection, and privacy concerns because the decision is made from workspace content rather than explicit consent.

VirusTotal

66/66 vendors flagged this skill as clean.
