Is achals-iglu/remember-me safe?

https://github.com/openclaw/skills/tree/main/skills/achals-iglu/remember-me

87
SAFE

This memory management skill appears legitimate and well-designed for improving user experience through persistent context. While it raises some privacy concerns regarding behavioral data collection and agent modification, the implementation includes reasonable safeguards and shows no evidence of malicious intent or data exfiltration.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 75/100 · 5%

Findings (3)

MEDIUM Agent Behavior Modification Based on User Data -15

The skill instructs agents to adapt their communication style, tone, and approach based on stored user preferences and behavioral patterns. This creates a stateful agent that modifies its responses based on accumulated user data.

LOW User Behavioral Data Collection -10

The skill systematically collects and stores user preferences, behavioral patterns, decision-making styles, and inferred psychological attributes, creating detailed user profiles over time.

LOW Active User Probing Instructions -15

The skill instructs agents to actively probe users with questions to validate behavioral assumptions and gather additional personal information.