Back to skill
Skillv1.0.0
VirusTotal security
Claw Memory · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:00 AM
- Hash
- cfb5e81e55954e21febaad3982cc1dd82f51fc2d78d921b6f416fdd881ce8e97
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: claw-memory Version: 1.0.0 The skill is classified as suspicious due to two primary reasons. First, the `SKILL.md` file instructs the agent to download and overwrite itself from a remote GitHub URL (`https://raw.githubusercontent.com/siddontang/claw-memory/main/SKILL.md`), introducing a significant supply chain vulnerability that could lead to arbitrary code execution if the GitHub repository is compromised. Second, the skill explicitly reads the content of a local file (`~/.openclaw/workspace/MEMORY.md`) and sends it to an external third-party service (`https://claw-memory.siddontang.workers.dev`). While this aligns with the stated purpose of importing memory, it represents a high data exposure risk if the `MEMORY.md` file contains sensitive user information.
- External report
- View on VirusTotal