ClawHub

Ollama + OpenClaw Memory Setup Guide

Security checks across malware telemetry and agentic risk

Overview

This is a coherent setup guide for local Ollama-based OpenClaw memory search, with disclosed but privacy-sensitive local indexing and optional startup persistence.

Install only if you want a local Ollama service for OpenClaw memory search. Before rebuilding the vector index, review whether your OpenClaw memory files contain confidential data, and protect or delete backups and SQLite stores appropriately. If you enable the Startup VBS, remember it will run Ollama silently at each Windows sign-in and remove the Startup entry when you no longer need it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The guide instructs users to rebuild embeddings from conversation and memory markdown content, which can include sensitive personal, enterprise, or confidential data, but it provides no privacy warning, scope limitation, or data-handling guidance. Even though the embeddings are generated locally, indexing sensitive conversations still increases persistence, discoverability, and accidental disclosure risk if the SQLite store, backups, or downstream tools are accessed.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The autostart steps create a hidden VBS script in the Windows Startup folder that launches ollama.exe automatically at login, but the guide does not clearly disclose the persistence and background execution implications. Hidden autostart behavior can surprise users, complicate incident response, and leave a local service exposed longer than intended, especially on shared or managed endpoints.

VirusTotal

1/64 vendors flagged this skill as malicious, and 63/64 flagged it as clean.

View on VirusTotal