Back to skill
Skillv1.0.3
VirusTotal security
MemVault · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:52 AM
- Hash
- a2a0c4a282e98cb0f0f9796a6164d344d51fad2eecd509afe2c4dedd587f80e5
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: memvault Version: 1.0.3 The skill is classified as suspicious due to multiple vulnerabilities. The `scripts/install.sh` uses `curl -fsSL https://ollama.com/install.sh | sh` for Ollama installation, which is a supply chain risk as it executes unreviewed remote code. More critically, `scripts/memvault.sh` is vulnerable to shell injection, as the `user_id` parameter in `decay` and `stats` commands is directly interpolated into `curl` URLs without proper shell escaping, potentially allowing arbitrary command execution. Additionally, `memvault_server.py` has a potential LLM prompt injection vulnerability in its translation function, where LLM-generated summaries could theoretically manipulate a local LLM.
- External report
- View on VirusTotal