ClawHub

Smart Memory Keeper

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local memory-management skill that writes and restores OpenClaw workspace notes, with privacy and persistence tradeoffs users should understand.

Install only if you want OpenClaw to keep local task and journal memory across sessions. Review the AGENTS.md and HEARTBEAT.md snippets before appending them, avoid storing secrets in memory files, and periodically inspect or prune ~/.openclaw/workspace/memory and MEMORY.md if your projects contain sensitive information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger phrases include common conversational expressions like 'pause', 'done for today', and 'remember this', which can easily occur in normal dialogue and cause the skill to activate unexpectedly. In this skill's context, unintended activation is more risky because activation leads to reading and writing persistent memory files, potentially capturing inaccurate, stale, or unnecessary user context.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The guide explicitly instructs the agent to rewrite memory files, remove completed tasks, and archive journals automatically, but it does not require a clear user-facing warning or confirmation before performing those data-impacting actions. In a memory-management skill, silent modification of persistent files can cause unintended data loss, surprise state changes, or corruption of the user's long-term notes if the consolidation logic is wrong.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The pause-trigger examples are broad enough to match ordinary conversational phrases like 'that's it' or 'pause', causing the agent to update persistent task state without a clear, explicit user intent to save memory. In a persistence-oriented skill, ambiguous triggers increase the chance of silently storing session details the user did not intend to retain.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The heartbeat instructions direct the agent to create journal files automatically if absent, with no user-facing warning or consent. Automatic file creation changes user state on disk and can begin long-term recording behavior without the user's informed approval.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs the agent to delete `memory/dream-state.json` automatically after native Dreaming is enabled, without confirmation or backup. Unannounced deletion is a destructive action that can remove state needed for troubleshooting, rollback, or user review.

Ssd 3

Medium
Confidence
97% confidence
Finding
The skill explicitly directs the agent to restore prior context by reading task files, journals, and project memory across sessions. Cross-session persistence is privacy-sensitive because it can retain and reintroduce prior user content without fresh consent in a new conversation.

Ssd 3

Medium
Confidence
98% confidence
Finding
The daily journal instructions tell the agent to continuously record work history, validated approaches, decisions, risks, and lessons learned. This creates a durable behavioral and project log that can accumulate sensitive operational, personal, or proprietary details over time.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal