Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
org-memory
v0.6.1
Structured knowledge base and task management using org-mode files. Query, mutate, link, and search org files and org-roam databases with the `org` CLI.
⭐ 1· 1.1k·2 current·2 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The skill's stated purpose (task + knowledge management using org and org-roam) matches what the code and SKILL.md do: run the `org` CLI against agent/human workspaces and roam DBs, read memory.org and daily files, and perform search/mutations. One mismatch: the registry lists several env vars as required, but the plugin code provides sensible defaults when env vars are absent (the tests exercise those defaults). That makes the registry's 'required env vars' claim inaccurate (but not dangerous).
Instruction Scope
Runtime instructions are scoped to reading/writing org files and running the `org` CLI; the plugin injects memory.org and today's/yesterday's daily files into the agent context at session start and exposes tools that run `org` commands. The SKILL.md includes a migration workflow that reads ~/.openclaw/workspace/MEMORY.md and can write ~/.openclaw/openclaw.json — but this migration is explicitly user-initiated in the docs. There are no instructions to read arbitrary unrelated system files or send data to external endpoints.
Install Mechanism
No install spec (instruction-only + plugin code), so nothing is downloaded or written during install. The code depends only on a local `org` CLI binary and a small TypeBox dependency declared in package.json/lockfile; this is proportionate for the stated functionality.
Credentials
Env vars requested (agent/human dirs and DB/roam locations) align with the plugin's need to know where to read/write org files and the SQLite DB. Two practical issues: (1) the registry marks several env vars as required even though the code falls back to defaults, and (2) the code/test reference additional overrides (e.g., ORG_MEMORY_ORG_BIN, ORG_MEMORY_INBOX_FILE) that are not listed as required — these are optional but the metadata mismatch could confuse users. The plugin can read/write files in the user's home (per the configured dirs) and — if the user consents to migration — modify ~/.openclaw/openclaw.json; that is powerful but documented as explicit user action.
Persistence & Privilege
The skill is not force-included (always:false). It registers a before_agent_start hook that prepends memory files to session context and registers tools that can mutate files via the `org` CLI. This is appropriate for a memory plugin. Note: the agent can invoke the plugin autonomously (disable-model-invocation is false, the default); combined with file write capability this is a normal but higher-scope behavior the user should accept consciously.
Assessment
What to consider before installing:
- This plugin will read and write files in the configured agent/human directories (defaults to ~/org/alcuin and ~/org/human). Point those directories at locations you control and avoid placing secrets there.
- At session start the plugin injects the contents of memory.org and recent daily notes into the model's context — treat those files as visible to the agent and back up anything sensitive first.
- The migration path can read ~/.openclaw/workspace/MEMORY.md and update ~/.openclaw/openclaw.json, but only if you explicitly ask the plugin to run migration; back up openclaw.json and MEMORY.md before migrating.
- The registry metadata claims several env vars are required even though the code uses defaults; you do not strictly need to set every listed env var, but review and set ORG_MEMORY_* env vars (or plugin config) to point to the correct places before enabling.
- Verify you trust the `org` CLI binary on your system (the plugin invokes it via execFile). Consider testing the plugin on a disposable workspace first.
- If you want stricter safety, restrict the plugin's directories to a sandboxed location and/or require manual confirmation before writes; review the plugin code if you need assurance about exact behaviors.
plugin/index.ts:76
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Like a lobster shell, security has layers — review code before you run it.
latest vk9751m73f7s8d27jw3ra3t47dd83gae0
Runtime requirements
🦄 Clawdis
Bins: org
Env: ORG_MEMORY_AGENT_DIR, ORG_MEMORY_HUMAN_DIR, ORG_MEMORY_AGENT_DATABASE_LOCATION, ORG_MEMORY_HUMAN_DATABASE_LOCATION, ORG_MEMORY_AGENT_ROAM_DIR, ORG_MEMORY_HUMAN_ROAM_DIR
