Openclaw

Security checks across malware telemetry and agentic risk

Overview

Demarkus appears to be a legitimate persistent-memory skill, but its default local setup installs a long-running network-facing service, so users should review it carefully before installing.

Install only if you intentionally want durable cross-session agent memory. Prefer client-only or remote mode unless you mean to run a local server; inspect or pin the installer; restrict UDP 6309 to trusted interfaces; know how to stop or uninstall the daemon; and avoid storing secrets or sensitive personal/project data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The skill goes beyond document/memory operations by instructing the agent to install and run a local server/daemon and expose a listening service. That meaningfully increases the attack surface for a skill whose user-facing purpose is persistence and markdown storage, especially because the skill text also notes the server listens on all interfaces.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The privacy/security section says no data is sent to third parties, but the documented setup fetches and executes an installer from GitHub. That statement is misleading and can cause users or agents to underestimate network exposure and supply-chain risk during installation.

Vague Triggers

Medium
Confidence: 79%
Finding
The description contains broad invocation language such as remembering things across sessions, storing thoughts/reflections, and giving the agent a soul. This can cause the skill to trigger in ordinary conversations and invoke persistent-storage behavior when the user did not clearly request durable memory.

VirusTotal

64/64 vendors flagged this skill as clean.
