Security audit

OpenMemo Memory – Persistent Memory for OpenClaw Agents

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local persistent-memory skill; its main risk is that agent task memories may persist and influence future work.

Install only if you are comfortable running the OpenMemo adapter and letting the agent save task summaries across sessions. Avoid storing secrets, credentials, personal data, regulated data, or confidential customer details in memories; review and delete stored memories through the adapter’s inspector or storage controls, and do not enable remote endpoints unless you intentionally trust that service.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 94%
Finding
The README explicitly advertises persistent storage of agent tasks, decisions, and workflows, but it does not disclose retention, sensitivity, or review/deletion expectations. In an agent context, this can lead users to store operational history or sensitive workflow data without understanding privacy and compliance implications, making the omission a genuine security and safety issue.

Missing User Warnings

Medium
Confidence: 92%
Finding
The README promotes automatic detection of prior task completion and workflow reuse, but it does not warn that the agent may skip execution or reuse stale results based on memory. In operational workflows such as deployment or automation, this can cause unsafe assumptions, missed revalidation, or incorrect state transitions if prior results are outdated or context has changed.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill explicitly promotes persistent storage of task history, decisions, and workflow results across sessions, but it does not clearly warn users that this creates long-lived records of potentially sensitive operational activity. In an agent setting, stored memories may include secrets, internal decisions, deployment details, or user-derived data, so lack of disclosure increases privacy and data-governance risk and may lead to unsafe use in sensitive environments.

Missing User Warnings

Medium
Confidence: 94%
Finding
The write_memory tool sends arbitrary memory content and scene context to a remote OpenMemo endpoint, creating a real data disclosure risk if users or upstream agents pass sensitive information. In a memory/agent skill, this is especially relevant because the stored content may include secrets, internal reasoning, personal data, or task outputs, and there is no consent gate, redaction, or policy check before transmission.

Missing User Warnings

Medium
Confidence: 92%
Finding
The recall_memory and check_task_memory flows transmit user queries and task descriptions to an external service, which can expose sensitive operational context, prompts, or proprietary task details. This is a genuine privacy/security issue because the skill is explicitly designed to send potentially rich agent context over the network without any visible warning, approval step, or input filtering.

VirusTotal

64/64 vendors flagged this skill as clean.
