Back to skill

Security audit

OpenClaw Workspace Starter Agent Home Template

Security checks across malware telemetry and agentic risk

Overview

This is a coherent memory-workspace template, but it gives the agent broad file and background-maintenance authority that users should review before installing.

Install only if you want an agent that keeps local memory and may maintain it during scheduled heartbeats. Before use, edit AGENTS.md and HEARTBEAT.md to limit writes to specific memory files, require confirmation for file organization or documentation changes, avoid storing secrets or highly sensitive personal details, and review daily memory and backup contents before syncing or sharing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (12)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The document makes conflicting claims about when MEMORY.md is loaded: earlier it says MEMORY.md is read every session automatically, while the privacy section says it is only loaded in direct conversations. This inconsistency can mislead users about when sensitive long-term memory is exposed, causing unintended disclosure in shared or group contexts.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The phrase suggesting users can say commands like "add X to my plan" or "mark X as done" creates a broad natural-language trigger surface that may cause unintended invocation by other agent components or ambiguous routing in systems that watch workspace files for actionable instructions. In this context the file is a workspace template, not an execution policy, so the issue is not overtly malicious, but it can still lead to accidental state changes if agents treat documentation text as live commands.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases for persistence, such as 'Write that down' or 'Remember this,' are broad and conversational, which increases the chance the agent will store sensitive or unintended content without sufficient confirmation. In multi-party or ambiguous contexts, this could lead to unauthorized persistence of private data or prompt-injected instructions.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The file describes automatic reading of workspace files and ongoing note-writing as normal behavior, but does not clearly foreground the privacy and integrity implications of that access. Users may not realize the agent will inspect and modify files by default, which can lead to unintentional exposure of sensitive information and unexpected changes to the workspace.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The heartbeat section states the agent may perform background organization and maintain memory files, implying autonomous file modifications without explicit per-action notice. This creates risk of silent changes, data corruption, or persistence of sensitive content outside the user's active awareness.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The FAQ explicitly tells users to delete workspace files to start over, but it does not warn that those files may contain the agent's persistent memory, configuration, or other user-authored state. This can lead to accidental irreversible data loss, especially because the surrounding text minimizes risk by stating the worst case is simply deleting files and starting over.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The file explicitly authorizes the agent to perform background work such as organizing memory files, updating documentation, and curating long-term memory without asking the user. Even if intended as convenience, this permits silent modification of user data during heartbeat execution, which can cause unwanted changes, data loss, or hard-to-audit state drift if the agent makes mistakes or is influenced by other prompt content.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The file explicitly instructs the agent to write daily notes and curate them into a long-term memory file, but it provides no user notice, consent mechanism, retention policy, or guidance on handling sensitive data. This can lead to silent persistence of personal, confidential, or regulated information across sessions, increasing privacy and data-governance risk.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The file normalizes sending user data to external AI services and claims privacy protections are 'already built into the operating rules' without presenting a concrete user-facing consent boundary or warning about residual privacy risk. That can mislead users into believing sensitive information is safe to share broadly, increasing the chance that personal or confidential data is transmitted to third-party APIs without informed consent or proper minimization.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The template explicitly invites users to provide broad personal information including timezone, availability, work patterns, family details, routines, and preferences, but provides no privacy warning, data minimization guidance, or examples of safer redaction. In an agent workspace context, this increases the chance that sensitive personal data will be stored persistently and exposed to the model or downstream tools beyond what is necessary for functionality.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README encourages copying sensitive files such as MEMORY.md, SOUL.md, USER.md, and AGENTS.md to backup locations, including off-machine storage, without warning about confidentiality, encryption, access control, or overwrite risks. In an agent workspace, these files may contain credentials, personal context, operational rules, or other sensitive data, so routine replication can expand the attack surface and increase the chance of data leakage.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The README explicitly instructs the agent to create raw daily logs containing 'everything that happened,' including events, decisions, and context, but provides no warning or controls around sensitive data collection, retention, or review. In an agent workspace template, this encourages broad persistence of potentially secret, personal, or regulated information, increasing the risk of accidental retention, later disclosure, or unsafe reuse in prompts and outputs.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.