Claw Roam

Security checks across malware telemetry and agentic risk

Overview

This is a transparent Git sync helper for an OpenClaw workspace, but it can upload private memory, logs, skills, and context to the user's chosen Git remote.

Install only if you intentionally want your OpenClaw workspace stored in a Git remote. Use a private trusted repository, add .gitignore rules for secrets, tokens, databases, logs, and local-only files, run git status before pushing, and avoid the cron auto-push example unless continuous upload is deliberate.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill is explicitly designed to sync an OpenClaw workspace to a remote Git repository, and the documented synced content includes memory, conversation logs, personality, skills, and context files. Without strong warnings, scoping, or exclusions, this encourages users to upload highly sensitive agent and user-derived data to external storage, creating a real confidentiality risk.

Missing User Warnings

Medium
Confidence: 99%
Finding
Using `git add -A` in the workspace root stages everything, including any accidentally stored credentials, machine-specific config, session artifacts, or private conversation data. In a workspace intended to hold persistent memory and skills, this materially increases the chance of irreversible disclosure once pushed to a remote.

Missing User Warnings

High
Confidence: 99%
Finding
The cron example continuously commits and pushes the entire workspace every 10 minutes, automating exfiltration of whatever new data appears in that directory. This is especially dangerous because it removes human review and can rapidly propagate sensitive or regulated data to a remote repository.

Missing User Warnings

Medium
Confidence: 89%
Finding
The sync command performs a chain of state-changing Git operations—auto-commit, push, merge, branch checkout, merge into main, and final push—without any confirmation, dry-run, or safety guard. In a workspace-sync skill that manages OpenClaw personality, memory, and skills, this can unintentionally propagate local mistakes, conflicted merges, or sensitive changes to the canonical main branch and remote repository, causing integrity loss and difficult recovery.

Ssd 3

Medium
Confidence: 98%
Finding
The skill clearly states that `SOUL.md`, `MEMORY.md`, daily conversation logs, skills, and context files are synced across machines. Those files can contain highly sensitive personal data, behavioral profiles, operational context, and potentially embedded secrets, so normalizing their export to Git is a real data leakage issue.

Ssd 3

High
Confidence: 98%
Finding
A scheduled workflow that repeatedly records and pushes all workspace changes creates ongoing leakage of user-derived data with little visibility or control. In this context, the workspace is known to contain persistent memory and conversation artifacts, which makes automatic background export more dangerous than a normal code repository sync.

VirusTotal

66/66 vendors flagged this skill as clean.