ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Memory Orchestrator

v1.0.0

提供跨设备实时同步、多模态输入、情感标注和自我进化能力的全栈智能记忆管理与检索系统。

0· 132·1 current·1 all-time
byWang Youqing@822376583-hub
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The files and instructions correspond to a memory manager (FAISS, CLIP, Whisper, Syncthing, Ollama), which is coherent with the description. However there are surprising cross-skill/hardcoded dependencies (references to a 'local-memory' skill and a fixed /home/claw/.openclaw/workspace path), and the install/run scripts try to enable systemd services and run sudo commands without declaring those privileges. Also SKILL.md/install steps reference tools and models (Ollama, Syncthing, git-crypt) that require additional privileges/configuration not described in the metadata.
!
Instruction Scope
Runtime instructions and scripts instruct the agent/user to run install.sh and run.sh which: enable/start systemd syncthing services (sudo), pull models via ollama, copy pre-session/post-session hook scripts into $WORKSPACE/.iflow/hooks, and install a cron job that runs auto-commit-memory.sh every 30 minutes. Those hooks and cron jobs will read user memory files (MEMORY.md and memory/*.md) and may commit/push them to a remote git origin if configured — i.e., they collect and can transmit potentially sensitive local data. The SKILL.md gives broad authority to run these system-modifying steps and to hook into session lifecycle, which expands scope beyond a passive library.
Install Mechanism
There is no registry install spec, but a provided install.sh will perform system changes. Dependencies are installed via pip (including a git+https pip line for CLIP), and models may be pulled by ollama. No external arbitrary IP download URLs are used, but the install script invokes systemctl and pip which require privileges and network access. Moderate risk because installation will alter system services and schedule cron jobs.
!
Credentials
The skill declares no required environment variables or credentials, yet scripts perform network operations (git push), may require Git credentials or SSH keys already present in the environment, and call ollama and syncthing which require local service setup. The install/run scripts assume a specific user path (/home/claw/.openclaw/workspace) and reuse other skill venvs (local-memory), implying cross-skill access. Auto-push behavior will use whatever git auth is configured on the host — sensitive data could be pushed without an explicit credential prompt.
!
Persistence & Privilege
Although always:false, the skill's installer copies pre/post session hooks into an iflow hooks directory and adds a cron job to auto-commit/push memory files; install.sh also attempts to enable/start a systemd syncthing service. These changes create persistent behaviors that run automatically and modify system configuration. They require elevated privileges (sudo/systemctl) and could create a persistent exfiltration path if git remotes are configured.
What to consider before installing
Proceed cautiously. Specific things to check before installing or running this skill: 1) Inspect the pre-session.sh and post-session.sh hook scripts (not shown fully here) — they will run automatically in session lifecycle and can read/transmit data. 2) Review scripts/auto-commit-memory.sh: it commits local MEMORY.md and memory/ files and will push to git origin if configured — ensure your git remote is trusted or disable the push. 3) The installer uses sudo/systemctl to enable/start syncthing@claw and writes a cron entry; run in an isolated VM/container if you want to test. 4) Note mismatches/sloppiness: install.sh calls python3 index_memory.py but the repo contains scripts/build_memory_index.py — this inconsistency could cause silent failures or unexpected behavior; confirm which scripts are actually executed. 5) The code references another skill’s venv and hardcoded path (/home/claw/.openclaw/workspace), which may lead to cross-skill access or privilege assumptions. 6) If you need this functionality, prefer reviewing and running individual components manually (CLIP/Whisper/FAISS indexing, Ollama usage, Syncthing setup) rather than running install.sh blindly. 7) If you decline to install, consider extracting only the non-persistent parts (e.g., local index builder) and avoid copying hooks/crontab entries. If you want more assurance, provide the hook scripts and the omitted truncated files for a deeper review — that could change the confidence level.

Like a lobster shell, security has layers — review code before you run it.

latestvk979kebm82szk2wjzwcjb4hayn8349v0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments