Memoria Persistente para Agentes

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This memory skill is not visibly malicious, but it would persist and reuse personal and session data broadly without clear consent, deletion, or isolation controls.

Install only if you intentionally want durable cross-session memory and are comfortable with the agent writing and reusing personal context. Before use, restrict it to a specific workspace, remove or disable session-wide sync from home/OpenClaw state, avoid storing health data or credential references, and add clear commands or practices to review, edit, and delete saved memory.

SkillSpector (11)

By NVIDIA

Context-Inappropriate Capability

Medium

Confidence: 86% confidence
Finding: This script performs repository monitoring via the GitHub CLI, which is unrelated to the stated persistent-memory functionality of the skill. In an agent-skill package, unrelated network-capable scripts expand the attack surface, create unnecessary external dependency and telemetry behavior, and can be abused or unexpectedly executed in environments that assume skills are narrowly scoped.

Context-Inappropriate Capability

Medium

Confidence: 93% confidence
Finding: The script searches for session data not only in the provided workspace but also in the user's home directory and in a path supplied by OPENCLAW_STATE_DIR. In a persistence skill, this broadens data collection beyond the apparent workspace scope and can unintentionally ingest unrelated conversations or sensitive state from other projects, making cross-boundary data exposure likely.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill is explicitly designed to persist user context across sessions, including personal preferences and facts, but it provides no user-facing notice about retention, review, deletion, or privacy implications. This is dangerous because users may disclose sensitive data under the assumption of ephemeral chat, while the system silently stores it long-term.

Missing User Warnings

High

Confidence: 97% confidence
Finding: The Quick Reference section specifically encourages retaining sensitive categories such as medications and credential references without requiring explicit consent or strong handling restrictions. Medications are health data and credential references can facilitate account compromise, so storing them by default materially increases privacy and security risk if the workspace is exposed or mishandled.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The skill directs the agent to update memory immediately when the user shares new personal information, without disclosure or consent at the moment of collection. That creates non-transparent surveillance-like retention behavior and can lead to accumulation of sensitive personal profiles across sessions.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The script writes transcript-derived topics into a shared archival index that any session can consult, but there is no user-facing notice, consent gate, or policy check before propagating data across sessions. Even though only 'topics' are stored, they are extracted from conversation content and can reveal projects, services, or personal/business context to later sessions that should not automatically receive it.

Ssd 3

Medium

Confidence: 92% confidence
Finding: The skill's core purpose is long-term retention of user-related information across sessions, which inherently increases exposure of sensitive data through accumulation, breach impact, and unintended reuse. In a memory skill this behavior is contextually expected, but it still becomes a vulnerability when not bounded by consent, minimization, and retention controls.

Ssd 3

High

Confidence: 98% confidence
Finding: Automatically storing newly shared personal information is a strong privacy risk because it encourages continuous profiling without requiring necessity or permission. The danger is heightened by the skill's persistent architecture, which makes the collection durable and likely to resurface later in ways the user did not expect.

Ssd 3

High

Confidence: 97% confidence
Finding: Including medications and credential references in always-available quick reference guidance elevates especially sensitive data into a high-exposure layer. Because core memory is auto-loaded every session, compromise or accidental display of that file would more readily reveal health data or security-relevant information.

Ssd 3

Medium

Confidence: 87% confidence
Finding: The session-start behavior instructs the agent to preload prior notes and archival context to avoid re-asking the user, which increases resurfacing and reuse of previously stored personal data. While useful for continuity, it can reveal stale, overly broad, or sensitive information in contexts where the user no longer expects it to be remembered.

Ssd 3

Medium

Confidence: 90% confidence
Finding: The script's stated purpose is to index all sessions and promote cross-session context, which normalizes sharing data derived from transcripts across otherwise separate sessions. In a memory skill this is relevant functionality, but without strong data minimization, isolation boundaries, and consent semantics, it can leak contextual information between users, channels, or tasks and cause privacy and confidentiality violations.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal