Back to skill

Security audit

memclaw-maintance

Security checks across malware telemetry and agentic risk

Overview

This documentation-only skill coherently guides users through installing and maintaining a persistent memory plugin, with sensitive behavior disclosed but worth reviewing before use.

Before installing, verify that you trust the external @memclaw/memclaw plugin and are comfortable with persistent memory being loaded at session startup. Use protected provider API keys, keep openclaw.json private, avoid storing secrets in memory, and review or disable scheduled maintenance and AGENTS.md changes if you do not want this behavior globally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Natural-Language Policy Violations

Medium
Confidence
93% confidence
Finding
The embedded AGENTS.md replacement instructs operators to force all memory activity through MemClaw and explicitly says not to use legacy memory paths, without presenting user consent, scope limits, or alternatives. In a maintenance skill, this is risky because it changes persistent agent behavior globally and can cause unintended retention of user data across sessions, increasing privacy and policy risk.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.