memory management

Security checks across malware telemetry and agentic risk

Overview

This memory skill is mostly coherent, but it can persist user information, delete old memory logs, and copy OpenClaw config/API-key-related files during maintenance.

Install only if you want persistent cross-session memory and are comfortable reviewing what gets saved. Before enabling the cron workflow, remove the openclaw.json/API-key backup steps or handle them separately with explicit consent and secure storage. Prefer archive-before-delete for old memory logs and avoid saving secrets, account data, or private content unless intentionally scoped.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (14)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill is ostensibly about memory management, but it extends into backing up core configuration and API-key-related files. That scope expansion is dangerous because it encourages the agent to touch sensitive system state and credential-adjacent artifacts unrelated to the user-facing memory function, increasing risk of secret exposure or unintended file operations.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The cron template instructs the agent to back up openclaw.json as part of daily memory maintenance, which exceeds the declared role of the skill. Embedding config management into an automated recurring task increases the chance of unnecessary access to sensitive configuration and normalizes privileged actions under a benign memory-management label.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrases are broad conversational commands that can easily appear in normal dialogue or quoted text, causing the agent to persist data without sufficiently explicit, scoped consent. In a memory-management skill, unintended writes are especially risky because they can store sensitive user data, poison future context, and create durable privacy and integrity issues across sessions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill encourages persistent storage of preferences, decisions, contacts, and conversation content but does not describe consent, retention limits, access controls, or handling of sensitive information. Because this is a memory system intended for cross-session recall, the omission materially increases privacy risk and can lead to collection of personal or confidential data beyond user expectations.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger phrases such as 'remember this', 'save this', and 'don't forget' are common conversational language and can easily be invoked unintentionally. That can cause the agent to persist user content without clear, deliberate consent, creating privacy and data-retention risks.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The repeated manual triggers remain overly generic and can be matched during ordinary conversation. Repetition across the document reinforces unsafe defaults that may lead to accidental persistence of sensitive or private content.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The maintenance workflow includes deletion of logs older than 30 days, but the description does not prominently warn users about automatic data deletion. Silent or poorly disclosed retention behavior can lead to loss of information users expected to remain available.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The backup guidance copies configuration into an API-keys backup file without a clear warning about secrets handling. This creates a real risk of credential exposure, confusion about file contents, and propagation of sensitive data into locations that may be treated less carefully.

Vague Triggers

Medium
Confidence
91% confidence
Finding
These repeated write triggers are still broad everyday phrases that can accidentally activate persistence behavior. Because the skill centers on long-term storage, accidental invocation raises meaningful privacy and data-minimization concerns.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The instructions again describe deleting old logs without a clear user-facing warning about retention and destruction. In a memory skill, undisclosed deletion policy is especially risky because users may assume the system preserves data unless told otherwise.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The repeated backup examples involve credential-related files but do not clearly warn about secret exposure or handling requirements. Repetition makes it more likely implementers will copy unsafe patterns into production automation.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The Chinese manual triggers are also common conversational phrases and can cause accidental writes, mirroring the English issue. This broadens the risk across multilingual usage and increases the chance of unintentional persistence of sensitive content.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The Chinese maintenance guidance still omits a clear warning that old logs may be automatically deleted. This can mislead users about retention guarantees and result in unexpected data loss.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The Chinese backup instructions again reference API-key backup files without clearly warning about credential sensitivity or exposure risk. This repeats the same unsafe secret-handling pattern across languages, increasing the chance of adoption.

VirusTotal

64/64 vendors flagged this skill as clean.
