Context Clear

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is a coherent memory-management plugin, but it automatically injects recent memory into prompts and can permanently delete stored memories without strong user controls.

Install only if you are comfortable with OpenClaw maintaining a persistent local memory store, automatically adding recent memory files to model prompts, and aging out old memories. Avoid placing secrets or sensitive notes in the managed memory folders, review ~/.openclaw/memory_fs before using /refresh, and consider backups or retention changes before relying on this for important conversation history.

SkillSpector (5)

By NVIDIA

Vague Triggers

Medium
Confidence: 84%
Finding: The top-level description is broad enough that the skill could be invoked during ordinary conversation about memory, refresh, retrieval, or cleanup, even when the user did not intend filesystem actions. In a skill that performs promotion, movement, and deletion of stored context, overbroad invocation criteria can trigger unnecessary or harmful state changes.

Vague Triggers

Medium
Confidence: 89%
Finding: The retrieval activation rules include subjective conditions like self-perceived missing context, which gives the agent discretion to search stored memory without a precise user request. In a memory-management skill, that increases the chance of unintended access to historical data and cascades into side effects such as refcount updates and file rotation across storage tiers.

Missing User Warnings

Medium
Confidence: 87%
Finding: The lifecycle explicitly includes moving files into a forgotten tier and physically deleting them after time-based conditions, but the skill description does not present this as a prominent user warning or require consent. Because the skill manages conversation memory, undisclosed deletion behavior can cause irreversible data loss and undermine user expectations about persistence and recall.

Missing User Warnings

Medium
Confidence: 93%
Finding: The plugin automatically reads recent files from a user memory directory and prepends their contents to every prompt, without per-session consent, visibility, or filtering. In a memory-management skill, this is especially risky because stored notes may contain secrets, prior conversation data, or prompt-injection content that will silently influence downstream model behavior and may be exposed to tools or external model providers.

Missing User Warnings

Medium
Confidence: 97%
Finding: The script permanently deletes files from forgotten/ after 30 days using f.unlink() with no user-facing warning, approval, quarantine, backup, or dry-run mode. In a memory-management skill, this is especially risky because the data being managed may be valuable conversational state, and accidental or premature deletion can cause irreversible loss of user context.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

65/65 vendors flagged this skill as clean.
