BEE Belief Extraction Engine

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed setup guide for an OpenClaw memory extension, with privacy-sensitive persistence that users should understand before enabling.

Install only if you trust the @skysphere-labs/openclaw-bee npm or GitHub package. Treat BEE as persistent memory: session-derived beliefs may be stored indefinitely, reused in later sessions, and processed by the configured extraction model. Avoid secrets or regulated data unless you have reviewed the package and know how to disable extraction or inspect/delete the SQLite database.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly states that it persists beliefs indefinitely in a local SQLite database and sends session-derived belief data to an external LLM for extraction, but it does not provide a clear privacy warning, consent step, or data-handling disclosure. In a memory/persistence skill, this is especially sensitive because users may unknowingly store and transmit confidential prompts, agent outputs, or personal data across sessions and to third-party providers.

VirusTotal

58/58 vendors flagged this skill as clean.
