Back to skill

Security audit

Superlative Memory Manager

Security checks across malware telemetry and agentic risk

Overview

This is a coherent memory-management skill whose persistence behavior is disclosed and purpose-aligned, though users should treat it as a long-term memory feature rather than ephemeral context.

Install only if you want OpenClaw to retain and recall working context over time. Avoid storing secrets, regulated data, or sensitive customer information unless you have confirmed where the backing memory stores and logs live and how to inspect, disable, expire, or delete them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill describes semantic recall, tiered storage, Git notes, and monitoring events that include queries/results, but it does not clearly warn users that memory content and recall queries may be persisted and logged across multiple stores and retention periods. This creates a privacy and data-governance risk because users may submit sensitive information under the assumption it is ephemeral, when it may instead be retained in hot, warm, cold, archive, and monitoring systems.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.