v1.0.2

omnimemory-full-onboarding

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:29 AM.

Analysis

This skill is mostly coherent for OmniMemory onboarding, but it asks the agent to handle passwords, OTPs, API keys, a third-party LLM key, and persistent automatic memory capture through an opaque external service/domain.

Guidance: Review this skill carefully before installing. It may be legitimate OmniMemory onboarding, but only proceed if you trust the fixed backend URL and the external plugin package. Avoid sharing reusable passwords or unrestricted LLM keys, verify the endpoint and plugin provenance, and consider disabling autoCapture unless you are comfortable with future OpenClaw context being stored as memory.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation
Severity: Medium | Confidence: Medium | Status: Concern
SKILL.md
Use the fixed base URL `https://zdfdulpnyaci.sealoshzh.site`.

The skill brands itself as OmniMemory onboarding but directs credential-bearing onboarding calls to an opaque fixed domain, while the registry lists no homepage and the artifact later references `https://www.omnimemory.ai/zh/` only as a fallback support site.

User impact: A user may assume the endpoint is official OmniMemory infrastructure even though the supplied artifacts do not establish that relationship.
Recommendation: Verify that the fixed backend URL is controlled by the service you intend to use before submitting passwords, OTPs, or API keys.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
openclaw plugins install @omni-pt/omnimemory-overlay

The skill is instruction-only but installs an external plugin by package name without a pinned version or included plugin source. This is expected for the stated purpose, but it makes package provenance important.

User impact: The installed plugin, not this instruction file, will perform the ongoing memory integration and receive the configured API key.
Recommendation: Check the plugin publisher, version, and source/release notes before installation, and pin to a trusted version if OpenClaw supports it.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Note
SKILL.md
repair common mistakes automatically if needed... If needed, remove incorrect values, re-apply the correct `.config.*` values, and continue to the smoke test.

The skill authorizes local OpenClaw configuration mutation and automatic repair. The changes are narrowly scoped to the OmniMemory plugin, but they still alter the user's agent environment.

User impact: The agent may change or remove OmniMemory-related OpenClaw configuration entries while troubleshooting.
Recommendation: Review the exact config commands before execution and keep a backup of existing plugin configuration if it matters.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
SKILL.md
Ask only for the blocking inputs first:
- email
- password
- name
- api_key_label
- external_llm_api_key

The skill instructs the agent to collect account credentials and an external LLM API key, then use them for SaaS onboarding and key binding. This is high-impact credential handling, especially because the registry metadata declares no primary credential or required env vars.

User impact: Installing this skill could lead the agent to handle your account password, OTP, OmniMemory API key, and optionally a third-party LLM API key.
Recommendation: Only use this if you trust the OmniMemory service and endpoint. Prefer creating accounts and third-party keys directly in the provider UI when possible, and avoid giving the agent reusable passwords or unrestricted API keys.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: High | Confidence: High | Status: Concern
SKILL.md
openclaw config set plugins.entries.omnimemory-overlay.config.autoRecall true
openclaw config set plugins.entries.omnimemory-overlay.config.autoCapture true

The skill enables automatic memory recall and capture for the installed plugin. The artifacts do not define clear data boundaries, retention rules, exclusions, or approval controls for future captured context.

User impact: Future OpenClaw activity may be automatically stored and reused as memory, potentially including sensitive conversation content.
Recommendation: Before enabling autoCapture, review the plugin's privacy and retention behavior, confirm what data is captured, and disable automatic capture if you only want explicit saves.