Session回溯

Security checks across malware telemetry and agentic risk

Overview

This skill is meant to recall past OpenClaw chats, but it can read broad conversation history and save personal details to memory without clear limits or approval steps.

Install only if you are comfortable with an agent searching prior OpenClaw conversations. Use it on explicitly selected sessions or keywords, avoid reset/deleted logs unless you deliberately need them, and review anything it writes to memory before keeping it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (5)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill explicitly instructs the agent to read full session history and local JSONL conversation files, which can expose sensitive personal data, credentials, or prior context beyond the user's immediate request. Because there is no requirement for consent, minimization, or scope restriction, this creates a real privacy and data-exposure risk.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill tells the agent to extract key information, including personal details about the user, and write it into persistent memory files without any retention, sensitivity, or consent safeguards. Persisting conversation-derived personal information increases the risk of long-term privacy harm, unintended reuse, and unauthorized disclosure.

Ssd 3

Medium

Confidence: 98% confidence
Finding: These instructions direct the agent to mine user-specific details from prior conversations and persist them into memory, normalizing cross-session profiling and storage of personal data. In context, this is more dangerous because the skill is specifically designed for retrospective access to conversation history, so the data collected is likely to be rich, contextual, and sensitive.

Ssd 3

Medium

Confidence: 96% confidence
Finding: The skill instructs the agent to retrieve historical session content and bring selected excerpts into the current conversation, which can leak prior-session information to the wrong context or recipient. This is especially risky because the skill includes concrete session identifiers and encourages direct reuse of historical content without any identity, authorization, or relevance checks.

Ssd 3

Medium

Confidence: 94% confidence
Finding: The examples and notes normalize returning content obtained from session-history access directly in responses, which encourages unsafe disclosure practices as standard behavior. Even as documentation, this lowers the barrier to accidental privacy violations by omitting consent checks, least-privilege principles, and redaction guidance.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal