ClawHub

Neural Memory CN

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate local memory tool, but it should be reviewed because its code can use an existing OpenRouter API key and send queries to an external LLM despite the registry not declaring credentials.

Install only if you are comfortable with a persistent local memory store. If you want purely local behavior, unset OPENROUTER_API_KEY and keep LLM settings disabled; if you enable LLM mode, assume your query text may be sent to the configured provider.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#
ASI03: Identity and Privilege Abuse
Medium
What this means

If you already have OPENROUTER_API_KEY set, the skill may use that account and potentially incur costs without you configuring the skill-specific API key.

Why it was flagged

The code can consume a pre-existing OpenRouter credential from the environment, while the registry metadata says there are no required env vars or primary credential.

Skill content
self.llm_api_key = self.config.get('llm_api_key') or self._get_openrouter_key() ... return os.environ.get('OPENROUTER_API_KEY')
Recommendation

Require explicit LLM enablement, declare OPENROUTER_API_KEY in metadata if supported, and default to no credential use unless the user opts in.

#
ASI07: Insecure Inter-Agent Communication
Medium
What this means

Queries may leave the local machine and be processed by an external provider when LLM analysis is enabled or auto-enabled by an existing key.

Why it was flagged

The intent layer sends the user's query text to a configured external LLM endpoint for concept extraction.

Skill content
client = openai.OpenAI(api_key=self.llm_api_key, base_url=self.llm_base_url) ... messages=[{"role": "user", "content": f"""提取以下查询的关键概念... 查询: {query}
Recommendation

Only enable LLM mode deliberately, avoid entering sensitive queries when using provider mode, and document exactly what text is sent to which provider.

#
ASI06: Memory and Context Poisoning
Low
What this means

Information you teach the skill can persist across sessions and influence later retrievals or answers.

Why it was flagged

The skill intentionally saves learned content and associations into persistent local memory files.

Skill content
memory.learn_and_think(...); memory.save() ... ~/.openclaw/neural-memory/ ... neurons.json ... synapses/
Recommendation

Do not store secrets or sensitive personal data unless you intend them to persist, and periodically review or delete the memory files.