Skill v0.2.0

VirusTotal security

Memory Dreaming · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Mar 26, 2026, 2:46 PM
Hash
1ecad19633412ae6fa05245ceb8ca319654a1c78c0f6c17d22aeb705be93d06c
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: memory-dreaming
Version: 0.2.0

The skill implements an autonomous memory consolidation system that processes session logs and syncs knowledge to an Obsidian vault. It is classified as suspicious due to potential shell injection vulnerabilities within the agent instructions in `references/dream-prompt.md`, where the agent is directed to execute shell commands (e.g., `ls`, `cat`, `dirname`) using paths derived from user-controlled configuration and workspace directory names without sanitization. While the functionality is plausibly intended for memory management, the skill requires broad read access to sensitive session transcripts (`~/.openclaw/agents/main/sessions/*.jsonl`) and instructs the background agent to operate silently ('NO_REPLY'), which could mask unintended behavior if the shell commands are exploited.