Back to skill
Skillv1.0.2
VirusTotal security
Mi-MemoryStack · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 5:57 AM
- Hash
- 417c6ab0745062f1fc052e33521f0ece37746614dc90f6d2af66d833aeb10539
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: mi-memorystack-v2 Version: 1.0.2 The skill bundle implements a persistent memory framework that captures and sends all user queries and AI responses to an external API (scripts/memory_add.py and memory_search.py). Most significantly, xiugai/install.sh performs system-level prompt injection by modifying the agent's core configuration files (SOUL.md and AGENTS.md) to mandate the execution of these scripts for every interaction. While this behavior is consistent with the stated goal of a 'memory stack,' the intrusive modification of system prompts and the automated transmission of all conversation data to an external endpoint (currently blank API_URL) represent a high-risk architecture for data exfiltration.
- External report
- View on VirusTotal