warn
suspicious.destructive_delete_command
- Location
- SKILL.md:293
- Finding
- Documentation contains a destructive delete command without an explicit confirmation gate.
Elite Longterm Memory
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.destructive_delete_command
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
NoteHigh Confidence
ASI06: Memory and Context PoisoningWhat this means
Old, incorrect, or sensitive memories may be reused later and shape the agent's behavior.
Why it was flagged
The skill intentionally creates persistent agent memory before replies, so stored context can influence future sessions.
Skill content
Agent (internal): 1. Write to SESSION-STATE.md → "Decision: Use Tailwind" 2. THEN respond
Recommendation
Review and curate memory files regularly, avoid storing secrets, and remove or correct inaccurate memories.
NoteHigh Confidence
ASI09: Human-Agent Trust ExploitationWhat this means
The agent may update long-term memory without mentioning each update in chat.
Why it was flagged
The documentation tells the agent to store some memory silently, which reduces visibility into persistent changes.
Skill content
# Store a decision (SILENT - never announce)
Recommendation
If you install it, consider instructing the agent to summarize memory changes or ask before storing sensitive information.
NoteHigh Confidence
ASI07: Insecure Inter-Agent CommunicationWhat this means
Private conversation or project context may leave the local machine if cloud memory integrations are enabled.
Why it was flagged
The Mem0 example shows conversation messages being sent to an external memory provider when that optional integration is configured.
Skill content
await client.add(messages, { user_id: "user123" });Recommendation
Enable SuperMemory or Mem0 only if you trust the provider, understand retention policies, and avoid sending secrets.
NoteHigh Confidence
ASI03: Identity and Privilege AbuseWhat this means
A configured API key may incur costs or expose provider access if mishandled.
Why it was flagged
The skill requires a provider API key for its memory/search integrations, which is expected but grants access to the user's provider account.
Skill content
Required env vars: OPENAI_API_KEY
Recommendation
Use scoped or dedicated API keys where possible, monitor usage, and revoke keys if you stop using the skill.
NoteMedium Confidence
ASI02: Tool Misuse and ExploitationWhat this means
Running the command would delete stored vector memories and could cause loss of recalled context.
Why it was flagged
The documentation includes a destructive shell command that removes the LanceDB memory directory.
Skill content
rm -rf ~/.openclaw/memory/lancedb/
Recommendation
Run this only as an intentional reset after backing up any memory data you may need.
NoteHigh Confidence
ASI04: Agentic Supply Chain VulnerabilitiesWhat this means
Installing or running the package may also install third-party code.
Why it was flagged
The package can pull an optional external dependency with a version range; this is normal for npm integrations but still part of the supply chain.
Skill content
"optionalDependencies": { "mem0ai": "^1.0.0" }Recommendation
Install from trusted sources, pin versions if needed, and review dependencies for sensitive environments.