memory-index

Security checks across malware telemetry and agentic risk

Overview

This memory skill is not malware, but it asks agents to quietly manage, rewrite, share, and clean up persistent memory without clear user approval or rollback controls.

Install only if you want OpenClaw agents to maintain persistent local memory for you. Before using it, set explicit rules that memory initialization, migration, sub-agent writes, archiving, and cleanup require your approval, and avoid storing secrets or sensitive personal history in these memory files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 91%
Finding
The README states that the skill will 'automatically take over' OpenClaw's underlying storage routing, but it does not clearly disclose what data is intercepted, how it is stored, whether data boundaries change, or what consent/rollback mechanisms exist. For a memory and persistence component, silent takeover of storage paths can materially affect confidentiality, retention, and integrity expectations, making this a genuine security-relevant documentation flaw.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill directs the agent to create and modify persistent memory files automatically, but it does not require explicit user consent, visibility, or confirmation before writing long-term data. In an agent setting, this can lead to silent retention of sensitive information, privacy issues, and unexpected persistence of user content beyond the current session.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill authorizes sub-agents to modify shared context files and mentions edit-only discipline, but it lacks strong safeguards such as locking, conflict detection, user approval, or audit logging. This creates a real risk of race conditions, unintended overwrites, and hidden changes to shared memory made by automated agents without the user's awareness.

Missing User Warnings

Medium
Confidence: 95%
Finding
The maintenance and archival workflow instructs the agent to delete, clean, or condense memory artifacts to save tokens without requiring backup, review, or confirmation. That is dangerous because it can irreversibly remove useful history, destroy forensic traceability, and cause silent data loss in a long-lived memory system.

VirusTotal

64/64 vendors flagged this skill as clean.
