Is emphaiser/secondmind safe?

https://github.com/openclaw/skills/tree/main/skills/emphaiser/secondmind

Score: 67 · CAUTION

SecondMind is a sophisticated AI memory system that processes user conversations and sends data to external services for analysis. While the functionality appears legitimate, it poses significant privacy risks by transmitting conversation data to the OpenRouter API and to Telegram services.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 25/100 · 25%
Code Execution 60/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 70/100 · 5%

Findings (6)

HIGH Conversation Data Sent to External API -50

The skill sends user conversation data to the OpenRouter API for LLM processing. All ingested conversation transcripts are processed by external AI services.

HIGH Telegram Data Transmission -25

Sends conversation summaries and proactive suggestions to external Telegram services, creating an additional exfiltration vector.

MEDIUM Automated Cron Job Installation -25

Automatically installs cron jobs that run every 30 minutes and every 6 hours, executing scripts with user permissions.

MEDIUM NPM Dependencies Installation -15

Executes npm install during setup, downloading and installing external packages that could contain malicious code.

MEDIUM Autonomous User Influence System -30

The initiative engine proactively generates and delivers suggestions to users, potentially influencing their behavior without an explicit request.

LOW Indirect Prompt Injection Risk -15

Processes user conversation content that could contain malicious prompts, potentially affecting LLM behavior during knowledge extraction.