Back to skill

Security audit

Install memex for OpenClaw

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local memory installer, but it automatically creates persistent searchable records of OpenClaw conversations with limited consent and scoping controls.

Review before installing. Use this only if you intentionally want OpenClaw conversations, including historical sessions, stored in ~/.memex/data/memex.db and made searchable by future agents. Consider backing up memex.db first, skipping or manually approving back-fill/re-import steps, and checking the created daemon/LaunchAgent, OpenClaw config changes, and shell profile edits after installation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill is designed to persistently capture every OpenClaw session and back-fill historical conversations into a searchable database, but the invocation metadata does not prominently warn about the privacy and retention impact. Users may trigger it for convenience without understanding that prior and future conversation contents will be stored and exposed through retrieval tools.

Ssd 3

High
Confidence
98% confidence
Finding
These instructions enable persistent recording of all OpenClaw session content into SQLite/FTS storage for later retrieval. This materially expands the lifetime, accessibility, and searchability of potentially sensitive prompts, secrets, and personal data, creating a real confidentiality risk if the host or account is later accessed by another user, tool, or process.

Ssd 3

High
Confidence
99% confidence
Finding
Mandating 'zero questions to the user' while activating persistent monitoring and historical ingestion removes an important consent checkpoint for a sensitive data-processing action. In context, this increases the likelihood that a user's past and future conversation data will be captured without meaningful awareness or deliberate approval.

Ssd 3

High
Confidence
98% confidence
Finding
The back-fill step instructs bulk ingestion of historical session files into memory storage, which broadens access to previously ephemeral or less-accessible conversation data. That creates a significant privacy and data-minimization concern, especially because historical chats may contain credentials, tokens, or sensitive personal/business information not intended for long-term indexing.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.