Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
memory-persistence
v1.0.1Multi-backend memory system with optional embedding, private/shared memories, conversation summarization, and maintenance tools. For AI agents to store and r...
⭐ 0· 66·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The code and SKILL.md implement a memory system with optional embeddings and GitHub/Gitee backends — this matches the skill name and description. However, the registry metadata declares no required environment variables while the README and SKILL.md explicitly reference GITHUB_TOKEN, GITEE_TOKEN and shared backend tokens; that omission is an incoherence. Also the summarizer claims to 'auto-detect OpenClaw model' which implies reading agent configuration or contacting an LLM provider — capability that should have been declared.
Instruction Scope
The SKILL.md instructs installing heavy packages (sentence-transformers, scikit-learn, numpy) and indicates the embedding model will be auto-downloaded on first use. It also documents using GitHub/Gitee tokens and 'auto-detect OpenClaw model' for summarization. Those instructions allow network access and model downloads and may read agent/config state; the skill instructions do not clearly limit or disclose those behaviors to the registry metadata.
Install Mechanism
No formal install spec in the registry (instruction-only), but SKILL.md instructs pip installing large dependencies and embedding models are auto-downloaded at runtime. That is common for embedding tooling but increases runtime network activity and disk usage; no packaged release URL or validated installer is provided.
Credentials
Registry lists no required environment variables, yet config.yaml and SKILL.md reference multiple token env names (GITHUB_TOKEN, GITEE_TOKEN, SHARED_GITHUB_TOKEN, SHARED_GITEE_TOKEN, etc.). Requesting repository tokens is reasonable for GitHub/Gitee backends, but the omission from declared requirements is a mismatch and reduces transparency. The number of potential secret envs is significant relative to a local-memory convenience tool; you should only provide tokens when you intentionally use remote backends.
Persistence & Privilege
The skill does not request 'always: true' and uses the normal agent invocation model. It writes/reads local directories (./memory_data, ./shared_memory, sqlite files) and can push/pull to remote git hosting via provided tokens. That file-system and network persistence is consistent with a memory/storage tool but increases blast radius if remote tokens are supplied.
What to consider before installing
This package appears to implement the advertised memory system, but it has two important transparency issues to resolve before use: (1) it expects GitHub/Gitee tokens (and separate shared-repo tokens) though the registry doesn't declare them — only provide these secrets if you intend to use a remote backend and understand the permissions; (2) embeddings and summarization will download models and may call external LLM providers or read agent configuration (the README mentions auto-detecting OpenClaw model). To reduce risk: run it in an isolated environment, prefer the local or sqlite backend until you've reviewed storage/github.py and summarizer.py to confirm what remote operations and config reads are performed, avoid supplying broad-scoped repo tokens (use least-privilege PATs scoped to a single repo), and review any network activity/logging during a trial run. If you want, I can inspect storage/github.py and summarizer.py lines specifically for network endpoints, auth usage, and any code that reads system/agent config to give a higher-confidence verdict.Like a lobster shell, security has layers — review code before you run it.
latestvk97atwr5aq0gqexbrb3w64ywkh83nxcc
License
MIT-0
Free to use, modify, and redistribute. No attribution required.