Openclaw Memory Lancedb 2026.5.26.Tgz

Security checks across malware telemetry and agentic risk

Overview

This official OpenClaw memory plugin persistently stores and recalls conversation memories, which is expected for its purpose but should be enabled with privacy awareness.

Install only if you want persistent long-term memory. Review the database path, embedding provider, API key, and storage options; keep auto-capture disabled unless you are comfortable with selected conversation details, including possible personal information, being stored and later recalled into context. Use the forget/list tools to audit or delete memories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence: 90%
Finding
The plugin automatically captures and persists user message content at the end of a session without any explicit user-facing notice or consent at the point of collection. Because the capture logic is designed to retain conversational content long-term, users may unknowingly disclose sensitive preferences, contact details, or personal facts that become durable records.

Missing User Warnings

Medium
Confidence: 88%
Finding
The manifest advertises automatic capture of conversation content without explicitly warning that user messages may be stored persistently and could include sensitive data. In a memory plugin, this increases the risk of unintentional retention of secrets, personal data, or proprietary information, especially because users may enable the feature based on minimal UI guidance.

Missing User Warnings

Low
Confidence: 81%
Finding
Automatic recall means prior stored content may be injected back into the active context, but the UI text does not make that consequence explicit. This can lead to accidental resurfacing of sensitive or irrelevant historical data into prompts or agent workflows, increasing confidentiality and prompt-context leakage risk.

Ssd 3

Medium
Confidence: 95%
Finding
The trigger set explicitly matches personal data patterns such as phone numbers, email addresses, identity statements, and preference language, which makes the system likely to store sensitive user details in long-term memory. This creates privacy and data-minimization risks, especially because capture is heuristic and not tied to explicit confirmation from the user.

Ssd 3

Medium
Confidence: 96%
Finding
The agent_end lifecycle hook iterates through user messages, decides which are 'capturable,' embeds them, and stores them automatically without any explicit per-item approval. Even though it attempts to screen out prompt injection and duplicates, it still performs silent persistence of user-derived content, which can retain sensitive conversational data beyond the user's expectations.

VirusTotal

61/61 vendors flagged this plugin as clean.
