relation-keeper

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local relationship-memory and reminder tool, but it stores sensitive personal details and installs a recurring reminder scan.

Install only if you want OpenClaw to keep persistent local relationship memory and run a reminder scanner every 15 minutes. Store the data directory somewhere protected, avoid saving unnecessary addresses or phone numbers, review or delete the bundled sample profile, and be careful with RELATION_KEEPER_CHANNEL because reminder text may be sent to an external service.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (11)

Context-Inappropriate Capability

Medium

Confidence: 94% confidence
Finding: The install script automatically creates a recurring OpenClaw cron/system-event task during postinstall, causing code to execute every 15 minutes outside the user's immediate installation flow. That persistence and external scheduling exceed simple local data initialization and can surprise users, creating a durable execution channel that could expose sensitive relationship data or be repurposed for unwanted notifications or data processing.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The README states that running `npm install` will automatically configure a scheduled task every 15 minutes, but it does not clearly warn users that installation changes their persistent task scheduler. Automatic persistence mechanisms are security-sensitive because they alter host behavior outside the app itself and can surprise users or enterprise environments that expect package installation to be side-effect free.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill is designed to collect and retain highly sensitive personal data, including birthdays, phone numbers, addresses, and relationship history, yet the README provides no privacy, consent, retention, or access-control guidance. In this context, omission of handling safeguards is dangerous because the dataset is unusually intimate and could expose both the user and third parties if the local files are accessed, synced, or backed up insecurely.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The README documents Telegram push delivery for reminders but does not warn that reminder content or metadata may be transmitted to an external service and exposed in a third-party chat channel. Because this skill handles sensitive relationship data, sending reminders off-device materially increases confidentiality risk, especially if summaries include names, birthdays, anniversaries, or meeting details.

Vague Triggers

Medium

Confidence: 93% confidence
Finding: The trigger phrases are very broad and map to ordinary conversation about people, birthdays, meetings, and reminders. In practice this can cause the skill to activate and persist relationship data without sufficiently clear, per-action consent from the user.

Missing User Warnings

High

Confidence: 98% confidence
Finding: The skill is designed to store highly sensitive third-party personal data, including addresses, phone numbers, birthdays, and relationship history, but the description does not prominently warn users about that risk. Without clear notice, users may disclose or authorize storage of data they would not otherwise persist.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The installation behavior automatically configures a recurring cron job, but this operational side effect is not surfaced as a clear upfront warning to users before install. Silent background scheduling increases surprise, expands persistence, and may route reminders after the user forgets the skill is active.

Missing User Warnings

Medium

Confidence: 76% confidence
Finding: saveJson overwrites the entire JSON file without atomic write protections, locking, backup, or integrity checks. In a skill that stores sensitive relationship data, a crash, concurrent write, or malformed caller input could corrupt or destroy persisted records, causing data loss and possible privacy issues if files are partially written.

Ssd 3

High

Confidence: 99% confidence
Finding: The core function of the skill is persistent collection and retrieval of sensitive personal data about contacts and shared experiences. This materially increases privacy risk because it aggregates phone numbers, addresses, birthdays, and behavioral history into long-lived local records that may later be exposed through broad queries or host compromise.

Ssd 3

High

Confidence: 99% confidence
Finding: The behavior guide directs the agent to parse and store private attributes from free-form conversation, including age, phone number, and other personal details. Automatic extraction from natural language raises the chance of overcollection, inaccurate records, and storing third-party data without their knowledge or lawful basis.

Ssd 3

High

Confidence: 97% confidence
Finding: The query behavior allows broad natural-language retrieval of stored personal profiles and event histories, which can reveal aggregated sensitive data to anyone with access to the chat/session. Because the retrieval prompts are simple and human-like, accidental disclosure to the wrong user or in the wrong context becomes more likely.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal