ClawHub

Dreaming (LanceDB)

Security checks across malware telemetry and agentic risk

Overview

The package behaves like an advertised memory-dreaming plugin, but it should be installed only by users comfortable with scheduled memory processing, persistent report files, LLM use, and optional external report delivery.

Before installing, confirm you want this plugin to read your LanceDB memories, write DREAMS.md/MEMORY.md/daily report files, create scheduled OpenClaw jobs, and use the configured LLM runtime for memory-derived narratives. Leave dailyReport.delivery unset unless you want summaries sent to an external chat channel, and disable narrative, dailyReport, or autoManageCron if those defaults do not match your privacy or operations expectations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This loader searches multiple writable filesystem roots, including the current working directory, the user's home-state directory, and an environment-variable-controlled path, then dynamically requires '@lancedb/lancedb' from whichever location resolves first. If an attacker can place or influence a package in one of those locations, they can achieve arbitrary code execution during module loading, and the fallback behavior increases risk because it silently trusts local resolution sources.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The code writes generated 'dream diary' content directly into a workspace file (DREAMS.md) without any visible consent, prompt, or confirmation flow in this component. Because the content is derived from memory fragments and promotions, this can persist sensitive behavioral or personal data to disk unexpectedly, increasing privacy and retention risk if the workspace is shared, synced, or later exposed.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The function builds a prompt from memory snippets, themes, and promotions and sends that material to an LLM via runDreamingTextPrompt, but this file shows no disclosure, consent, or data minimization before transmission. If those memory fragments contain secrets, personal information, or proprietary workspace context, they may be exposed to a model provider or logged by downstream components.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
This code writes `entry.text` values derived from memories directly into phase reports and daily memory blocks without any sanitization, redaction, or disclosure that the content is model- or memory-derived. If memories contain sensitive, private, or attacker-injected text, that content will be persisted into report files and may mislead users into treating untrusted text as trustworthy system output.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The plugin explicitly advertises automatic cron-job creation and management, which means it can modify host scheduling state without a strong in-band warning to the user. Even if this is intended functionality, silent or insufficiently disclosed persistence and scheduled execution can surprise operators, create unwanted background activity, and increase risk if the task later writes files or triggers downstream actions.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The daily report delivery configuration supports sending memory summaries to external channels such as Feishu or other webhook/direct targets, but the schema and UI text do not clearly warn that potentially sensitive memory-derived content may leave the local system. In a memory plugin context, this raises meaningful confidentiality risk because summaries may contain personal, proprietary, or operational information that users do not realize will be transmitted to third parties.

VirusTotal

61/61 vendors flagged this plugin as clean.

View on VirusTotal