yf-memo
Pass. Audited by VirusTotal on May 9, 2026.
Overview
Type: OpenClaw Skill
Name: yf-memo
Version: 1.0.0
The skill implements a functional personal memo system but contains significant shell injection vulnerabilities. The `memo-helper.sh` script uses unsanitized user input directly within `sed` commands and shell arguments, which could be exploited to execute arbitrary commands if a user provides a crafted task description (e.g., one containing backticks or semicolons). While the behavior appears aligned with the stated purpose of task management and no clear evidence of intentional malice or data exfiltration was found, the high-risk execution patterns in `SKILL.md` and `implementation.md` warrant a suspicious classification.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent followed the unquoted reference pattern instead of the safer quoted examples, unusual task text containing shell metacharacters could be handled unsafely.
The reference implementation shows shell command construction using extracted user task content without quoting. The main SKILL.md examples use quoted arguments, so this appears to be an implementation-quality note rather than hidden behavior.
result = exec_command(f'sh memo-helper.sh add {content}')
Use the quoted command forms from SKILL.md and pass the task text as a single argument (one quoted argument, or one argv element with no shell at all); never splice raw user text into a shell command string.
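The following is an added example, not code from the yf-memo skill or its reference implementation. It reproduces the unquoted `exec_command` pattern above with `subprocess` and runs it against a constructed stand-in for `memo-helper.sh` that only echoes the arguments it received, so the difference between the three forms is visible in the output. The function names, the stub script and the sample task text are assumptions made for the demonstration.

```python
"""Added example (not the skill's own code): the unquoted command pattern
from the reference implementation beside two safe forms, run against a
constructed stand-in helper that just reports what arguments it received."""
import os
import shlex
import subprocess
import tempfile

# Constructed stand-in for memo-helper.sh (NOT the real script): prints the
# argument count and each argument on its own line, nothing else.
STUB_HELPER = '''#!/bin/sh
printf 'argc=%s\\n' "$#"
for a in "$@"; do printf 'arg=[%s]\\n' "$a"; done
'''


def write_stub_helper() -> str:
    """Write the stub helper into a fresh temp directory and return its path."""
    path = os.path.join(tempfile.mkdtemp(prefix="yf-memo-stub-"), "memo-helper.sh")
    with open(path, "w") as f:
        f.write(STUB_HELPER)
    return path


def add_unsafe(helper: str, content: str) -> str:
    """Mirrors the reference pattern: raw task text spliced into a command line
    that a shell then parses. Metacharacters in `content` become shell syntax."""
    cmd = f"sh {helper} add {content}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def add_quoted(helper: str, content: str) -> str:
    """Shell still parses the line, but every user-controlled piece is quoted
    with shlex.quote, so the task text arrives as exactly one argument."""
    cmd = f"sh {shlex.quote(helper)} add {shlex.quote(content)}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def add_safe(helper: str, content: str) -> str:
    """Preferred form: an argv list and no shell, so there is nothing to inject into."""
    argv = ["sh", helper, "add", content]
    return subprocess.run(argv, capture_output=True, text=True).stdout


if __name__ == "__main__":
    helper = write_stub_helper()
    task = "buy milk; echo INJECTED"  # constructed hostile task text
    print("unsafe:\n" + add_unsafe(helper, task))
    print("quoted:\n" + add_quoted(helper, task))
    print("argv:\n" + add_safe(helper, task))
```

With the constructed task text, the unsafe form hands the helper three separate arguments (`add`, `buy`, `milk`) and then runs `echo INJECTED` as a second command; both safe forms deliver the whole task text as the single second argument. An agent tool that only offers a string-based `exec_command` should at least apply the `shlex.quote` form; an argv-based tool removes the problem entirely.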
Running the test script on a real workspace could remove current pending and completed memo items.
The test script deletes and later recreates the skill's memo files. It is scoped to this skill's local workspace data and is not shown as automatically executed, but running it could erase existing todos.
rm -f ~/.openclaw/workspace/pending-items.md 2>/dev/null
rm -f ~/.openclaw/workspace/completed-items.md 2>/dev/null
Back up pending-items.md and completed-items.md before running the test script, or run tests in a disposable workspace.
Personal tasks and completion history will remain on disk and may be visible to anyone or any tool with access to the OpenClaw workspace.
The skill persistently stores user task descriptions and completed-task history in local OpenClaw workspace files, which is expected for a memo system.
TODO_FILE="$HOME/.openclaw/workspace/pending-items.md"
DONE_FILE="$HOME/.openclaw/workspace/completed-items.md"
Avoid storing highly sensitive secrets in todo items, and manage file permissions/backups for the OpenClaw workspace.
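The following is an added example, not part of the yf-memo skill, covering the two recommendations above: snapshot `pending-items.md` and `completed-items.md` before running the destructive test script, and keep the workspace files owner-only. The function names, the `backups` subdirectory and the sample memo content are assumptions; `make_demo_workspace` builds a throwaway workspace so the code runs without touching a real `~/.openclaw`.

```python
"""Added example (not the skill's own code): back up the memo files before a
destructive test run, and restrict permissions on the OpenClaw workspace."""
import os
import shutil
import stat
import tempfile
import time
from typing import Dict, List, Optional, Tuple

# The two files the skill keeps its state in (paths taken from memo-helper.sh).
MEMO_FILES = ("pending-items.md", "completed-items.md")


def backup_memo_files(workspace: str, backup_root: Optional[str] = None) -> Tuple[str, List[str]]:
    """Copy whichever memo files exist into a new timestamped, owner-only directory.
    Returns (backup_dir, copied_paths). A missing file is skipped, not an error,
    so this is safe to run on a fresh workspace that has no completed items yet."""
    backup_root = backup_root or os.path.join(workspace, "backups")  # assumed location
    backup_dir = os.path.join(backup_root, time.strftime("memo-%Y%m%d-%H%M%S"))
    os.makedirs(backup_dir, mode=0o700, exist_ok=True)
    copied: List[str] = []
    for name in MEMO_FILES:
        src = os.path.join(workspace, name)
        if os.path.isfile(src):
            dst = os.path.join(backup_dir, name)
            shutil.copy2(src, dst)   # keep mtime so "which copy is newer" stays answerable
            os.chmod(dst, 0o600)     # backups hold the same personal data as the originals
            copied.append(dst)
    return backup_dir, copied


def restrict_workspace(workspace: str) -> Dict[str, int]:
    """Make the workspace directory and memo files readable by the owner only.
    Returns the resulting mode of each memo file that exists."""
    os.chmod(workspace, 0o700)
    modes: Dict[str, int] = {}
    for name in MEMO_FILES:
        path = os.path.join(workspace, name)
        if os.path.isfile(path):
            os.chmod(path, 0o600)
            modes[name] = stat.S_IMODE(os.stat(path).st_mode)
    return modes


def make_demo_workspace() -> str:
    """Constructed throwaway workspace with a sample pending-items.md only
    (no completed-items.md), so the missing-file path is exercised too."""
    ws = tempfile.mkdtemp(prefix="yf-memo-demo-")
    with open(os.path.join(ws, "pending-items.md"), "w") as f:
        f.write("- [ ] buy milk\n- [ ] renew passport\n")
    return ws


if __name__ == "__main__":
    # Real use would pass os.path.expanduser("~/.openclaw/workspace"); the demo
    # uses a temp directory so nothing on the machine is touched.
    ws = make_demo_workspace()
    backup_dir, copied = backup_memo_files(ws)
    print("backed up", copied, "into", backup_dir)
    print("modes after restrict:", restrict_workspace(ws))
```

Run the backup immediately before invoking the test script, then run the script in a disposable workspace if you have one; restoring is a plain copy of the files out of the backup directory.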
If enabled, the skill may run a daily local summary job that reads pending items and writes a memo log.
The hook documentation describes optional scheduled daily summaries. This is disclosed and purpose-aligned, and the artifacts do not show a hidden auto-installed background process.
Sets up cron job - Optionally configures daily summary at 10:00 AM
Enable the cron/hook option only if you want scheduled summaries, and review or remove the scheduled job if you no longer need it.
Manual installation can lead to path or permission mistakes, and users rely on the copied local scripts for behavior.
Setup is manual and depends on local script files being copied and made executable, while the registry summary says there is no install spec. This is not suspicious by itself, but users should verify the files they install.
Place the entire yf-memo directory into ~/.openclaw/skills/ Ensure scripts are executable: chmod +x scripts/*.sh
Install only from a trusted copy of the skill directory and review the scripts before making them executable.
