ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Memory Vault

v1.0.2

Privacy-first persistent memory for AI agents. Your agent remembers across sessions AND controls what the LLM can see. 3 privacy tiers (Open/Local/Locked), h...

0· 123·0 current·0 all-time
by@girllove2code
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill claims to provide a local, privacy-focused persistent memory (vector search + encryption). The declared Python packages (chromadb, cryptography) are coherent with that purpose. However, the skill bundle contains no code files; the SKILL.md instructs the agent to git-clone https://github.com/GirlLove2Code/Memory-Vault into ~/memory-vault and import modules from it. Requiring an external repo at runtime (not part of the published bundle) is disproportionate and inconsistent with the registry contents.
!
Instruction Scope
The SKILL.md tells the agent to clone a remote GitHub repository and then add that directory to sys.path and import modules (recall, entry_manager, branch_manager, etc.). That means the agent will execute arbitrary third‑party Python code at runtime. The instructions also describe encrypting a 'Locked' tier but do not specify how encryption keys are provided or protected. The runtime steps therefore go beyond simple, declarative integration and grant broad discretion to run external code and write/read files in the user's home directory.
!
Install Mechanism
The registry install spec declares pip packages (chromadb, cryptography) which are reasonable. But the SKILL.md's installation step uses git clone to pull code from a third‑party GitHub account — an untrusted download/execute pattern. The install behavior (cloning and executing external repo code) is higher risk than the uv package installs and is not captured in the registry's install spec.
!
Credentials
The skill declares no required environment variables or credentials, yet it advertises encrypted 'Locked' storage for secrets. There is no guidance about where encryption keys come from (env var, passphrase prompt, OS keyring), nor any declared primary credential. The absence of a described key-management mechanism is a proportionality and transparency concern: storing encrypted secrets without specifying how keys are derived/stored risks silent insecure behavior or hidden exfiltration vectors.
Persistence & Privilege
The skill is not force-enabled (always: false) and does not request system-wide privileges. However, it instructs cloning code into ~/memory-vault, modifying sys.path, and persisting a local vector DB and encrypted files — which gives it persistent presence on disk. This is expected for a local memory store but increases risk because the runtime code comes from an external repo.
What to consider before installing
This skill is internally inconsistent: the published bundle contains only instructions but tells the agent to git-clone and execute code from an external GitHub repo and does not explain how encryption keys are managed. Before installing, do at minimum: (1) inspect the GitHub repo and recent commits (GirlLove2Code/Memory-Vault) and review the code for network calls, exfiltration, or unexpected privileges; (2) verify how the 'Locked' tier encryption keys are derived/stored and whether you must provide a passphrase/env var; (3) run the code in an isolated sandbox or ephemeral VM first; (4) prefer a versioned release from a trusted maintainer or include the actual code in the skill package; (5) if you proceed, limit filesystem and network permissions and monitor network activity. If you are not able to fully review the external repo and key-management approach, do not install.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ajpk9e5m1bdr33r28j2f00h83a69b

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis
Binspython3, pip3

Install

uvuv tool install chromadb
uvuv tool install cryptography

Comments