Openclaw Mem0

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Mem0 memory plugin, but users should understand it can automatically store and reuse conversation-derived personal context, including through a hosted Mem0 service.

Install only if you want persistent memory across conversations. Use a trusted Mem0 cloud or self-hosted endpoint, protect the API key, consider disabling auto-capture for sensitive work, customize the extraction rules to exclude data you do not want stored, and periodically review or delete memories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • System Prompt Leakage: Direct Leakage, Indirect Extraction, Tool-Based Exfiltration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (16)

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The README advertises automatic recall and capture of conversation data into long-term memory but does not clearly warn users that potentially sensitive chat content may be persisted across sessions. In an agent context, users may disclose credentials, health details, personal preferences, or proprietary information, and silent retention increases the risk of privacy violations, over-collection, and unexpected reuse of sensitive data.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The cloud/platform configuration is presented as the recommended mode without a clear warning that user conversation data and memories may be transmitted to an external Mem0-hosted service. This is dangerous because operators may enable the plugin assuming memory stays local, causing unintentional third-party data sharing, compliance issues, and exposure of sensitive business or personal information.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The README advertises automatic recall and automatic capture of conversation content, but it does not clearly warn users that conversation data may be persisted and later reused. In an agent memory plugin, this can lead to unintentional storage of sensitive personal, business, or regulated data without informed consent or clear operator awareness.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The platform/cloud mode is presented as recommended, but the documentation does not clearly warn that memory contents may be transmitted to and stored by a hosted third-party service. Because this plugin handles long-term memory derived from user conversations, the missing disclosure materially increases privacy, compliance, and data-handling risk.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The skill explicitly states it will automatically search memory before every turn and inject retrieved content into the system prompt, and will automatically analyze and store conversation facts after every turn, but it provides no warning, consent flow, retention policy, or guidance on handling sensitive data. This creates a real privacy and prompt-safety risk because users may unknowingly have personal or confidential information persisted and then resurfaced into future prompts, increasing the chance of unintended disclosure, over-collection, or prompt contamination from stored content.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The manifest advertises automatic storage of conversation context after each agent turn, but it does not define scoping, exclusions, consent boundaries, or safeguards for sensitive data. In a memory skill, this can cause over-collection of user data, secrets, or regulated information and send it to external storage without sufficiently explicit privacy controls.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding
The manifest describes automatically injecting relevant memories before each agent turn without defining trigger boundaries, trust controls, or filtering rules. Broad auto-recall can surface sensitive prior data into unrelated contexts, increase prompt-injection risk via stored content, and create cross-turn data exposure if memory scoping is weak.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The manifest enables automatic storage of conversation context but does not present an explicit warning about privacy consequences, external transmission, or data persistence. Because this skill is specifically a memory plugin with cloud/self-hosted modes and API-based storage, the lack of a clear warning increases the chance that users unknowingly persist sensitive conversational data.

Missing User Warnings

Severity: High
Confidence: 96%
Finding
The plugin automatically captures recent conversation messages and stores them in Mem0 after each agent run, including user and assistant content, without any per-conversation notice, consent flow, or granular opt-in. In platform mode this can result in sensitive personal or proprietary data being transmitted to a remote service and retained long-term, especially because the default extraction instructions encourage broad profile building.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
Before each agent start, the plugin sends the current prompt to the memory backend as a search query without user-facing disclosure. Even if used only for retrieval, prompts may contain sensitive information, and in platform mode this shares that data with an external provider outside the immediate model interaction path.

Missing User Warnings

Severity: High
Confidence: 94%
Finding
The library exposes multiple destructive operations, and `deleteUsers()` is especially dangerous because when no selector is supplied it enumerates all entities and deletes them all, returning success for mass deletion. There is no built-in confirmation gate, dry-run mode, scope restriction, or protective flag, so an accidental call, misuse by an agent, or hostile prompt/tool invocation could cause large-scale irreversible data loss.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The skill explicitly offers automatic storage of conversation context after each agent turn, but the UI help text does not warn users that prompts may be transmitted to a third-party memory service and retained. In a memory plugin, this can capture sensitive user data, secrets, or regulated information without sufficiently informed consent, making the privacy risk real even if the feature is intended.

Missing User Warnings

Severity: Low
Confidence: 84%
Finding
Auto-recall automatically injects stored memories into future agent turns, but the configuration text does not explain that prior sensitive information may reappear in prompts or be exposed in downstream model calls. In this memory-plugin context, the behavior is expected, but the missing warning still creates a legitimate privacy and prompt-scope risk.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding
The manifest advertises automatic capture of conversation context after each agent turn, but it does not define scope limits, exclusions, or safeguards for sensitive data. In a memory plugin, this can lead to over-collection of personal, confidential, or regulated information and unintended persistence of user prompts and model outputs.

Missing User Warnings

Severity: High
Confidence: 94%
Finding
The plugin enables automatic storage and recall of conversation data, yet the manifest text does not provide an explicit privacy warning about what data may be retained, where it is sent, or the consequences of enabling it. Because this is a memory skill that may send data to a cloud host and persist user interactions, users could unknowingly expose sensitive conversations to external storage or long-term retention.

Ssd 3

Severity: Medium
Confidence: 94%
Finding
The default memory instructions direct extraction of extensive personal data including identity, relationships, routines, work context, life events, and health-related information for long-term retention. In the context of a memory plugin with auto-capture and auto-recall enabled by default, this broad collection materially increases privacy risk, over-collection, and the chance that sensitive data is retained or exfiltrated beyond user expectations.

VirusTotal

63/63 vendors flagged this skill as clean.
