Back to skill

Security audit

SQL Dreamer

Security checks across malware telemetry and agentic risk

Overview

The skill’s behavior matches its stated purpose, but it handles durable memory data, scheduled cleanup, SQL credentials, and optional Confluence publishing that users should configure carefully.

Install only for an OpenClaw workspace and SQL database you control. Store SQL and Confluence secrets in environment variables, review archive_after_days before scheduling cleanup, run dry-runs first, keep Confluence disabled unless you intend to publish memory-derived content externally, and consider pinning dependencies or using a lockfile.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (7)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly advertises automatic pruning of dream output files older than N days, but does not clearly warn users that local files will be deleted or emphasize the need for backups, retention review, or careful path validation. In a scheduled automation context, this can lead to unintended data loss if the workspace or retention settings are misconfigured, especially because the feature operates on generated memory artifacts that may still be valuable for audit or recovery.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The document explicitly describes persistent storage of potentially sensitive facts, decisions, incidents, task payloads, audit metadata, and dream outputs across SQL tables and local markdown files, but it does not warn users about retention, access control, or sensitivity of that data. In a skill reference for agent memory, this omission is security-relevant because developers may store secrets, personal data, or operationally sensitive content by default without informed consent or safeguards.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The Confluence configuration block documents external publication settings, including domain, email, API token, and parent page, but does not explicitly warn that dream-derived content may be transmitted to a third-party SaaS platform. Because the referenced data originates from stored memories and synthesized outputs, users may inadvertently exfiltrate sensitive internal information to Confluence without realizing the trust-boundary change.

Missing User Warnings

Low
Confidence
86% confidence
Finding
These tests establish a live database connection and later invoke mutating stored procedures against a real configured database. Even though the code uses a future TEST_DATE and attempts scoped cleanup, running destructive integration tests by default can still modify shared state, hit the wrong environment through misconfiguration, or cause unintended data loss or operational disruption.

Unpinned Dependencies

Low
Category
Supply Chain
Content
pyodbc>=4.0.0
PyYAML>=6.0
Confidence
94% confidence
Finding
pyodbc>=4.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
pyodbc>=4.0.0
PyYAML>=6.0
Confidence
98% confidence
Finding
PyYAML>=6.0

Known Vulnerable Dependency: PyYAML — 8 advisory(ies): CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more

Critical
Category
Supply Chain
Confidence
96% confidence
Finding
PyYAML

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.