Back to skill
Skillv0.1.0
VirusTotal security
DreamMoon MemProcessor · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:41 AM
- Hash
- bc9e0d511c14d80f0ac7dca697efe63d4b0f0f3b9d4a5a859af1b8b0f252fe73
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: dreammoon-memprocessor Version: 0.1.0 The bundle implements a sophisticated memory and persona management system but contains a critical security vulnerability in 'app/core/l1_storage.py' through the use of 'pickle.loads' for deserializing cached memory items, which presents a Remote Code Execution (RCE) risk. Additionally, 'memory-manager.sh' contains hardcoded absolute paths to the '/root/' directory and specific Conda environments, which is a poor security practice and suggests the script is tailored for a specific, potentially privileged environment. While 'app/services/event_detector.py' includes a security-positive feature to detect and de-prioritize sensitive data like GitHub tokens and OpenAI keys, the architectural flaws and unsafe serialization methods justify a suspicious classification.
- External report
- View on VirusTotal