ClawHub

ocmemog-installer

Security checks across malware telemetry and agentic risk

Overview

This installer is purpose-aligned, but it can run changing remote code, alter OpenClaw memory settings, and leave a local memory service running.

Install only if you trust the ocmemog upstream repository and want a durable local memory service. Prefer the package install path, ask to review any OpenClaw config changes before applying them, and avoid the source installer fallback unless you can pin or review the repository version and know how to stop or remove the sidecar.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill clearly instructs the agent to access external network resources such as npm and GitHub and to validate a local HTTP endpoint, yet no permissions are declared. This creates a transparency and policy-enforcement gap: users or the platform may not realize the skill can fetch remote code or make network requests, which is especially sensitive for an installer that downloads and enables software.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The installer clones or pulls code from a remote repository and installs Python dependencies into a virtual environment, which modifies the local system and executes unpinned third-party code without any explicit warning or confirmation. In a skill intended to automate installation this may be expected, but it still creates supply-chain and user-consent risk because the script updates code and packages before the user is clearly informed.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script starts a background sidecar with nohup and immediately detaches it, creating a persistent local service without prior disclosure or consent. Even though the sidecar appears to bind to localhost, silently launching a long-lived process can surprise users, consume resources, and expand the local attack surface if the sidecar is vulnerable or later misconfigured.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal