Shared Memory Os

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly coherent memory-maintenance tooling, but it needs Review because setup can create enabled recurring OpenClaw jobs with exec/read access and scripts are hard-coded to one local workspace path.

Install only if you intentionally want recurring automated memory maintenance. Before running setup, verify the target workspace path, review the three cron jobs, and know how to disable or remove them if the automation is no longer wanted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The skill presents itself as memory governance/documentation, but the instructions also direct creation and updating of persistent cron jobs, migration of notes into memory, and report/template writes. That mismatch is dangerous because users may invoke it expecting passive organization help, while it actually performs durable system and workspace modifications that can continue autonomously after the session.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs agents to immediately create recurring cron jobs and run a full maintenance pass without an explicit warning or consent boundary. This is dangerous because it causes persistent autonomous execution with exec/read privileges, potentially modifying workspace state repeatedly and surprising users who only intended one-time setup or review.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This script persistently creates or edits scheduled OpenClaw cron jobs and enables them automatically, but provides no interactive confirmation, dry-run mode, or explicit user-facing notice before modifying the local scheduler state. In an agent-skill context, that is security-relevant because installation or execution of the skill can silently establish recurring automated actions that repeatedly invoke exec/read capabilities against the workspace, increasing the blast radius of any mistake or later prompt/content tampering.

VirusTotal

65/65 vendors flagged this skill as clean.
