Security audit

Atomic Memory Manager

Security checks across malware telemetry and agentic risk

Overview

This is a simple memory-management skill that clearly tells the agent how to read and write OpenClaw workspace memory, with no hidden code or install behavior.

Install this if you want agents to use durable workspace memory. Be aware that it may save preferences, decisions, or session context into MEMORY.md or daily memory notes; avoid asking it to store secrets or sensitive personal data unless you truly want that information persisted.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill instructs the agent to write persistent notes into workspace files like MEMORY.md and memory/YYYY-MM-DD.md, but it does not require a clear user-facing confirmation that files will be modified. In practice, this can lead to silent persistence of user data, preferences, or sensitive context, increasing privacy risk and creating opportunities for unintended durable state changes across sessions.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.