ClawHub
Back to skill

Security audit

Openclaw Memorize

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward local memory tool, with the main caution that anything saved persists in a plaintext local file.

Install only if you are comfortable with a local plaintext memories.json file under the OpenClaw workspace. Do not save secrets, tokens, passwords, regulated data, or private notes unless you intentionally want them retained and printed by the CLI. Review and delete old memories periodically, and review future updates because publisher/source transparency is limited.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
83% confidence
Finding
The description is very broad: it invites use whenever information should be persisted across sessions, which can cause the skill to trigger in many ordinary conversations. In an agent environment, over-broad activation increases the chance that sensitive user data, credentials, or incidental context gets stored without sufficiently explicit user intent.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The file advertises persistent storage and deletion features but does not warn users that data remains on disk across sessions or that delete operations may be irreversible. This can lead to unintentional retention of sensitive information and accidental destructive actions, especially in a memory skill whose core purpose is to store arbitrary user-provided content.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill persists arbitrary user-provided values to a predictable local file and immediately echoes them back to stdout, which can expose sensitive information such as preferences, tokens, or private notes to shell history, terminal logs, screen recordings, or other local users. In the context of a memory-management skill, handling sensitive content is likely, so the lack of warning, redaction, or sensitivity controls makes this a real privacy/security weakness even though there is no clear malicious behavior.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal