Security audit

OpenClaw Memory Fusion

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly aligned with OpenClaw memory management, but it needs review because rollback and credential/config handling are broader than users may expect.

Install only if you want this skill to reorganize and persist OpenClaw memory files. Run dry-run previews first, inspect generated manifests before rollback, do not use rollback with untrusted or edited manifests, avoid passing API keys unless you accept them being written into config, and be careful with auto-capture, semantic sync, and session-memory options when your memory files may contain sensitive information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documentation directs the agent to run a local Python script that reads and writes workspace files and may use environment-based configuration, but the skill declares no permissions. This creates a trust and containment gap: an agent or platform may expose file and environment access without the user being clearly informed, increasing the risk of unintended file modification, data exposure, or overly broad access during installation, migration, rollback, and maintenance commands.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The install path can write remote embedding configuration, including API keys, directly into the persistent OpenClaw config file when `--apply` is used. Storing secrets in plaintext config without an explicit warning or stronger consent increases the chance of credential leakage through backups, repo commits, shared home directories, or later diagnostic output.

Missing User Warnings

Medium
Confidence
79% confidence
Finding
Rollback removes files recorded as created by a manifest, and this destructive behavior can occur without an additional confirmation prompt or explicit warning in the command flow. Although rollback is an intentional maintenance feature, accidental invocation or use with the wrong manifest could delete user data or generated artifacts unexpectedly.

Ssd 3

Medium
Confidence
93% confidence
Finding
The auto-capture workflow extracts content from memory files, project notes, and improvements logs, then persists summaries, excerpts, status lines, and next steps into structured event storage. Because this content originates from user/project memory and may contain sensitive business or personal data, the feature broadens retention and makes that data easier to retrieve, republish, and expose across other commands.

Ssd 3

Medium
Confidence
95% confidence
Finding
Semantic digest generation republishes event summaries and full JSON-serialized details into markdown files intended for retrieval. This creates a secondary, human-readable exposure path for any sensitive content already captured in events, increasing discoverability and making downstream retrieval systems more likely to surface confidential information.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.