Openclawdy

Security checks across malware telemetry and agentic risk

Overview

OpenClawdy is a disclosed hosted memory service for agents, with privacy-sensitive features that users should configure carefully.

Install this only if you want a third-party service to persist selected agent memories. Use a dedicated wallet for signing, do not store secrets or sensitive personal/business data unless you intend to, treat pool_id values as private, and require explicit confirmation before clear, delete, pool-sharing, or snapshot overwrite actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

Medium
Confidence: 88%
Finding
The skill is framed as generally useful whenever persistent memory could help, but it does not define clear activation boundaries or decision criteria for when data should be sent to the remote service. In an agent setting, this can cause over-collection and routine transmission of conversational, behavioral, or user-specific data to a third-party backend without sufficient necessity checks.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill encourages storing facts, preferences, decisions, and learnings in a remote memory service but does not clearly require warning the user before transmitting potentially sensitive personal or organizational data off-system. Because the feature is specifically designed for persistence and semantic recall, accidental storage of sensitive information is a realistic privacy and compliance risk.

Missing User Warnings

Medium
Confidence: 93%
Finding
The cross-agent memory pool feature enables data sharing across agents, but the documentation does not clearly warn that shared pool contents may expose sensitive prompts, observations, or user information beyond a single agent boundary. That makes misuse more dangerous than ordinary memory storage because the blast radius expands from one agent vault to multiple consumers.

Missing User Warnings

Medium
Confidence: 82%
Finding
Snapshot restore supports an overwrite mode that can replace the current memory state, yet the feature description does not prominently warn about destructive restoration effects at the point of use. In an autonomous agent context, insufficient warning can lead to accidental data loss, rollback to stale state, or corruption of current operational memory.

VirusTotal

64/64 vendors flagged this skill as clean.
