Weekly Retro

Security checks across malware telemetry and agentic risk

Overview

This is a local weekly review tool that reads OpenClaw memory logs and saves summaries; that is sensitive but matches the stated purpose and no hidden exfiltration or destructive behavior was found.

Install this only if you want local memory logs summarized into weekly reports. Check the memory, vault, history, SOUL.md, and AGENTS.md paths before running it, avoid storing secrets in those files, review generated retrospectives before syncing or sharing them, and enable the cron schedule only if you want automatic weekly runs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (5)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 89% confidence
Finding: The skill directs execution of local Python scripts that read memory files, may consult environment-derived paths, and write output files, but it declares no permissions or guardrails for those capabilities. This creates a mismatch between what the skill can do and what a reviewer or runtime policy may expect, increasing the risk of overbroad file access or unintended writes when the skill is invoked.

Vague Triggers

Medium

Confidence: 83% confidence
Finding: The description includes broad trigger phrases such as 'how was this week' and 'what should change,' which can plausibly appear in ordinary conversation unrelated to this specific skill. If the platform uses these descriptions for routing, the skill could be invoked unintentionally and gain access to sensitive memory logs or create files when the user only intended a general discussion.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill is explicitly designed to ingest memory logs and produce persisted reports, but it provides no privacy notice, sensitivity guidance, redaction behavior, or retention constraints. Because memory logs often contain personal, confidential, or operationally sensitive information, analyzing and saving summaries can amplify exposure by copying sensitive details into a new artifact and normalizing repeated access.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The script reads potentially sensitive memory logs from a default user workspace path and emits structured summaries to stdout without any explicit warning, consent check, or indication in the CLI help that personal/project memory contents will be processed and exposed. In an agent-skill context, this increases the risk of inadvertent privacy leakage because users may trigger a 'weekly retro' expecting analysis, but not realize the scope of local data access and output disclosure.

Missing User Warnings

Low

Confidence: 79% confidence
Finding: The script writes retrospective history to a persistent file containing behavioral summaries, unfinished work, friction points, and recommendations without any explicit consent or privacy notice at write time. In an agent-skill setting, silent persistence of user-derived work patterns can create an unexpected privacy leak, especially if the workspace is shared, backed up, or later accessed by other tools.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal