Back to skill

Security audit

Memory Optimizer

Security checks across malware telemetry and agentic risk

Overview

This skill locally indexes OpenClaw memory files and can run a background watcher, which is disclosed and aligned with its memory-optimization purpose.

Install this only if you want OpenClaw memory markdown files copied into a persistent local index for faster search and deduplication. Avoid putting secrets in the watched memory folder, stop the watcher when you no longer need continuous indexing, and do not configure the documented archive cron job unless you obtain and review the missing archive script.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Low
Confidence
89% confidence
Finding
The script presents itself as a quickstart installer but also silently starts a long-running background process (`memory-watcher.py`) in the user's workspace. Persistent process creation during setup can surprise users, create unintended monitoring behavior, and make it easier to hide unwanted activity behind an installation step.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README explicitly advertises automatic archival of files older than 90 days, compression, and cleanup of related index entries, but it does not prominently warn users that this changes file locations and can make older content no longer searchable in the active index. In a memory-management skill, silent or underemphasized data-moving behavior creates a real risk of unintended data loss, broken workflows, or surprise persistence changes, even if the feature is intended for optimization rather than harm.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The cron instructions tell users to schedule the archive script to run automatically every quarter, but they do not clearly warn that this recurring job will modify files without further prompts. That creates a genuine safety issue because users may enable persistent automation without understanding that it will move files, rewrite indexes, and affect future retrieval behavior.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script persistently stores full chunk content from watched markdown files into ~/.openclaw/workspace/memory/.index.json automatically, without any consent prompt, retention control, or visibility into where sensitive data is being copied. In a memory-watcher context, users may place secrets, personal notes, or proprietary material in the watched directory, so silent duplication into a second persistent store increases exposure and can defeat user expectations about deletion or locality of data.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.