Openclaw Memory Manager 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This is a local memory-management skill whose file changes are disclosed and aligned with its purpose, though users should back up memory before running migration or snapshot tools.

Install only if you want local scripts to manage and reorganize your OpenClaw memory files. Before running organize.sh or categorize.sh, make a full backup of the memory directory and review the files being moved. Treat snapshots as sensitive because they can duplicate private agent context, and enable heartbeat automation only after confirming the workflow is safe for your setup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Intent-Code Divergence

Medium
Confidence: 87%
Finding
The script claims to back up first, but date-named files are moved directly into the episodic directory without creating a backup copy. If the move is mistaken, interrupted, or performed into an unexpected directory state, users can lose track of original file placement or suffer accidental data handling errors during a memory migration workflow.

Missing User Warnings

Medium
Confidence: 93%
Finding
The README explicitly instructs users to run a migration script that moves existing `memory/*.md` files into a new directory structure, but it does not warn about data modification, backup needs, overwrite risks, or rollback behavior. For a memory-management skill handling agent context, silent file reorganization can cause accidental data loss, broken tooling assumptions, or loss of recoverability if users automate the step without understanding its effects.

Missing User Warnings

Medium
Confidence: 95%
Finding
The heartbeat section recommends periodic automated execution of `organize.sh`, which implies recurring file changes, but it gives no warning that this may restructure or rewrite stored memory on a schedule. In the context of agent memory, automating state-changing file operations increases the chance of unintended moves, race conditions with other tools, or gradual corruption/loss of important context without operator awareness.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill advertises automatic organization and migration of local memory files without a strong upfront warning that it may move, copy, or rewrite user data. In an agent setting, ambiguous documentation around filesystem-modifying behavior can lead to unintended data changes, misplaced records, or partial loss of context if run without explicit confirmation and backup safeguards.

Missing User Warnings

Medium
Confidence: 90%
Finding
The script performs automatic mv/cp operations on user memory files without confirmation, dry-run mode, or an explicit warning immediately before mutation. In a memory-management skill, this is more dangerous because the affected data is likely important agent context, so unintended reorganization can cause confusion, broken workflows, or effective data loss from the user's perspective.

Missing User Warnings

Medium
Confidence: 87%
Finding
The script intentionally creates a plaintext snapshot file and copies content from multiple memory stores into it, which increases the concentration and persistence of potentially sensitive data on disk. In this skill context, the feature is expected behavior, but it is still a real security weakness because snapshots may expose user data, secrets, or private context if the workspace is readable by other users, backed up insecurely, or later exfiltrated.

Ssd 3

Medium
Confidence: 91%
Finding
The routine aggregates recent episodic entries, semantic knowledge, and procedural workflows into one markdown artifact, creating a high-value plaintext collection point for sensitive information. This is more dangerous in a memory-management skill because the stored content is likely to include broad historical agent context, user prompts, credentials, internal notes, or other sensitive material that becomes easier to access once centralized into a single file.

VirusTotal

65/65 vendors flagged this skill as clean.
