ClawHub

Claw Memory Lite

Security checks across malware telemetry and agentic risk

Overview

This is a local OpenClaw memory helper; it has expected privacy implications from storing memory notes, but no evidence of exfiltration or malicious behavior.

Install only if you want local long-term memory indexing. Before enabling heartbeat or cron automation, review what is in memory/*.md and REGRESSIONS.md, keep API keys/passwords out of those files, use review mode where available, and remove the scheduled command or delete ~/.openclaw/database/insight.db if you want to stop or clear stored memory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README instructs users to enable automated extraction via HEARTBEAT without clearly warning that local memory content will be periodically read and persisted into a SQLite database. In an agent skill context, silent or insufficiently disclosed collection and storage of potentially sensitive notes, configuration details, or security-related memory increases privacy and data retention risk, especially if users assume the feature is lightweight but not persistent.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explicitly instructs users to automate extraction from daily log files into a persistent SQLite database, but the description does not clearly warn that potentially sensitive log content will be copied, retained, and made queryable long-term. This increases the risk that users enable automation without understanding the privacy and data-retention implications, especially if logs contain secrets, personal data, or internal project information.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The documentation states that the extraction script automatically updates MEMORY.md, but it does not clearly warn that running the integration modifies a user-managed file. Silent or unexpected modification of workspace files can overwrite manual edits, create integrity issues, or leak derived memory content into files the user did not intend to change.

Missing User Warnings

Low
Confidence
92% confidence
Finding
The backup/export examples write memory contents to local JSON and Markdown files without any privacy or data-handling warning. Since memory data may contain sensitive prompts, notes, or credentials, exporting it to portable plaintext files increases exposure through weaker file permissions, accidental commits, or inclusion in backups.

Missing User Warnings

Medium
Confidence
77% confidence
Finding
The script extracts content from markdown files and persists derived facts and keywords into a long-term SQLite database and MEMORY.md without any consent, sensitivity filtering, or confirmation step. In this skill context, the source files may contain credentials, personal data, internal project details, or security-relevant notes, so automatic persistence increases the chance of retaining and propagating sensitive information beyond its original scope.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The checklist directs periodic execution of a memory extraction script that writes data into persistent storage ('database + MEMORY.md') without any mention of user notice, consent, scope limits, or review. In an agent skill context, silently persisting conversation-derived memory can capture sensitive or unnecessary data and create privacy, retention, and misuse risks over time.

VirusTotal

51/51 vendors flagged this skill as clean.

View on VirusTotal