ClawHub

memory-tencentdb 安装指南

Security checks across malware telemetry and agentic risk

Overview

This installation-guide skill is mostly coherent, but it enables a persistent memory plugin that captures conversations and builds user profiles without clearly documented review, deletion, retention, or scoping controls.

Install only if you want OpenClaw to keep a persistent memory of your conversations and infer long-term preferences or behavior patterns. Before enabling it, confirm where memory data is stored, how to inspect it, how to delete it, and whether L3 profiling or broad conversation capture can be limited or disabled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation states that the plugin supports L3 user profiling ('用户画像') and long-term learning of user preferences and behavior patterns, but it does not clearly warn about profiling-sensitive behavior or the risk of building persistent behavioral dossiers. Even if storage is local, profiling can expose intimate preferences, habits, and inferred traits if the host system or plugin data is accessed by others.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation states that the plugin supports L3 user profiling ('用户画像') and long-term learning of user preferences and behavior patterns, but it does not clearly warn about profiling-sensitive behavior or the risk of building persistent behavioral dossiers. Even if storage is local, profiling can expose intimate preferences, habits, and inferred traits if the host system or plugin data is accessed by others.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal