ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Multi-Agent Memory Optimizer

v0.2.0

多Agent记忆管理系统 - 开放协作的知识库解决方案 支持私有+公共双层记忆空间,自动生成每日总结,跨Agent知识检索

0· 48·0 current·0 all-time
by@2720480371
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (multi-agent memory manager with private+public tiers) matches the included code: all modules operate on local filesystem paths (workspace/memory, private/public) and implement summarization, searching, uploading (to a local public directory), tiering, etc. No cloud credentials, remote endpoints, or unrelated binaries are requested. Minor discrepancy: README/SKILL.md mention optional environment variables (e.g., CHROME_PATH, MX_APIKEY) that are not required or referenced by the code — this is an unneeded note but not evidence of exfiltration.
!
Instruction Scope
Runtime instructions and the code read local OpenClaw memory files (MEMORY.md, memory/YYYY-MM-DD.md) and then generate and can publish summaries to memory/public. That behavior is expected for this purpose. However the documentation repeatedly claims 'upload requires manual confirmation' and 'privacy protection', while the actual included config/default.json sets upload.require_upload_confirm (and related upload defaults) in a way that can enable automatic publishing (the file shipped in the package sets auto_publish/require_upload_confirm values that contradict the safety claims). If deployed with the shipped defaults (or if config is changed), private content could be auto-published without the user noticing. The summarizer also supports automatic operation (crontab guidance) which increases the risk if confirmation is disabled.
Install Mechanism
There is no external install script or remote download — the skill is delivered as local Python scripts and JSON config. No brew/npm/remote archive fetches are present. This lowers supply-chain risk; nothing in the package retrieves or executes external code at runtime.
Credentials
The skill declares no required environment variables and the code does not read cloud credentials. That's proportional to its stated local filesystem purpose. The README/SKILL.md mention optional variables (CHROME_PATH, MX_APIKEY) as examples for other integrations, but those are not used in the shipped code. The main concern is configuration (config/default.json) controlling publish behavior — these are local config flags, not secrets, but they materially affect privacy.
Persistence & Privilege
The skill does write files: it creates agent config files under config/agents, writes summaries into the workspace memory directories, and cmd_config persists changes to config/default.json. It does not set always: true, does not modify other skills, and does not require elevated system privileges. Writing global default.json is expected for a CLI tool but is something to be aware of (it changes global behavior for all agents using that workspace).
What to consider before installing
This package is mostly coherent with a local memory manager, but pay close attention to configuration before running. The shipped config can enable automatic summarize/publish behavior contrary to the README's safety claims — which could cause private memory files (MEMORY.md or memory/YYYY-MM-DD.md) to be uploaded to the 'public' folder without an interactive confirmation. Before installing or running: 1) Inspect config/default.json in the package and set upload.require_upload_confirm = true and upload.auto_publish = false (and keep upload.backup_private = true). 2) Run summarize and upload manually at first to verify output, do not enable crontab auto jobs until you are confident. 3) Run the tool in a safe test workspace (copy ~/.openclaw/workspace to a sandbox) to observe behavior. 4) If you rely on strict privacy, audit any generated public files before exposing them and consider disabling auto_summarize and any automatic cron tasks. If you want higher assurance, review the full source locally (it is included) and search for any network calls — none were found in the provided code, but changing config or extensions could add them later.

Like a lobster shell, security has layers — review code before you run it.

collaborationvk973wehvzqcccnagch0x7gmf2n84akh2latestvk973wehvzqcccnagch0x7gmf2n84akh2memoryvk973wehvzqcccnagch0x7gmf2n84akh2multi-agentvk973wehvzqcccnagch0x7gmf2n84akh2openclawvk973wehvzqcccnagch0x7gmf2n84akh2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments