Oathe Security Badge

Is rajwaitforit/memory-sync safe?

https://github.com/rajwaitforit/memory-sync

91
SAFE

This OpenClaw skill provides legitimate cross-channel memory synchronization functionality by collecting and sharing user context across Discord, Telegram, and webchat sessions. While it involves extensive personal data collection, this appears necessary for its stated purpose and no malicious code or external data exfiltration was detected.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 85/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 75/100 · 5%

Findings (3)

MEDIUM Cross-channel personal data collection -15

The skill explicitly collects personal information, preferences, decisions, and project context from all OpenClaw channels and centralizes it in memory files. While legitimate for the stated purpose, this creates a comprehensive profile of user activities.

LOW Aggressive data collection instructions -5

The skill instructs agents to write meaningful user information to memory 'RIGHT NOW in the same turn' which could be seen as overly aggressive data collection behavior.

LOW Potential surveillance concerns -25

The automatic scanning of all user sessions every 2 hours combined with cross-channel data aggregation could be used for surveillance purposes if the system is compromised.