Bud Semantic Memory

Security checks across malware telemetry and agentic risk

Overview

This appears to be a memory skill, but its local/private framing is undercut by sending memory content to Gemini for embeddings.

Review before installing. Use it only if you are comfortable with memory content being embedded and potentially sent to Gemini, or confirm there is a fully local mode. Avoid storing secrets, credentials, personal records, or confidential work notes unless retention, deletion, and external API behavior are clear.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 97%
Finding:
The manifest and description emphasize local ChromaDB storage, but the documentation says embeddings may be generated via the Gemini API. That discrepancy is security-relevant because memory contents may leave the local machine despite the skill being presented as local/private, creating an integrity and transparency problem around data flow.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding:
The documentation introduces external API access for embeddings even though the skill is framed as a local semantic-memory tool. Because the indexed content is memory data, unclear justification for third-party transmission increases the risk of accidental disclosure of potentially sensitive notes, credentials, or operational details.

Missing User Warnings

Medium
Confidence: 98%
Finding:
The skill states that it reads all memory markdown files and generates embeddings via Gemini API, but it does not clearly warn users that memory contents may be sent to an external service. In a memory-management context, this is more dangerous because those files often contain sensitive personal, financial, or operational information, so silent transmission can cause significant privacy and confidentiality harm.

Missing User Warnings

Medium
Confidence: 85%
Finding:
The `add_memory` path persists arbitrary supplied text to a predictable local file under `~/.openclaw/workspace/memory` without any user-facing warning, consent check, or sensitivity filtering. In a memory skill, this increases the risk that secrets, personal data, or sensitive prompts are stored durably on disk and later exposed to other local processes, backups, or users with filesystem access.

Missing User Warnings

Medium
Confidence: 83%
Finding:
The code forwards memory text into the embedding/vector-storage pipeline without clearly informing the user that the content will be processed and persisted in the local vector database. Although the storage appears local rather than remote, semantic indexing can preserve sensitive material in an additional datastore, broadening the attack surface and making deletion/retention less obvious.

VirusTotal

62/62 vendors flagged this skill as clean.
