ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Memory Ops

Manage mandatory PostgreSQL memory operations with context retrieval, prompt logging, delegation tracking, and audit event recording using Memory_openclaw an...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
1 · 330 · 2 current installs · 2 all-time installs
by@ianleme
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
Name/description claim Postgres + pgvector memory ops, and the included SQL/schema/templates implement exactly that. However the skill does not declare any way to connect to the database (no env vars, no connection path). That is an incoherence: it requires DB access in practice but asks for no credentials or config. Also many queries hardcode user_id='ian' and agent='jarvis', which is not general-purpose and suggests the package is tailored to a single account/agent.
Instruction Scope
SKILL.md instructs the agent to read memory before responding, save user prompts, log delegations and audit events — all consistent with the stated goal. It does not instruct any network exfiltration or access to unrelated system files. Missing are guidance about sanitization/filtering of secrets, retention policy, or how to obtain embeddings (the SQL expects a :query_embedding bind). The mandatory 'save every prompt/delegation' behavior increases risk of storing sensitive data if not filtered.
Install Mechanism
Instruction-only skill with no install spec and no code files that execute. This minimizes install-time risk; nothing is downloaded or written by an installer.
!
Credentials
The skill requests no environment variables or credentials but clearly needs database connection info (host/port/db/user/password or similar) and likely an embeddings model/key in real use. The absence of declared env vars is an inconsistency. Additionally, defaulting to a fixed user_id ('ian') and agent ('jarvis') may cause accidental cross-user data writes if reused in another environment.
Persistence & Privilege
The skill is not always-enabled and does not request special platform privileges, which is good. However its runtime protocol mandates writing every prompt/delegation and an audit row per turn — this persistent logging is expected for a memory/audit system but is privacy-sensitive and should be constrained by retention/permission policies and explicit DB credentials.
Scan Findings in Context
[no_regex_findings] expected: The static regex scanner reported no findings. That is expected for an instruction-only skill composed of SQL and prose; absence of matches does not imply the design is safe.
What to consider before installing
Before installing: (1) Ask the author to explicitly list how the agent connects to the database (required env vars or connection string) and do not provide DB credentials unless you control the target database. (2) Verify the DB, schema, and sample data are deployed in an isolated/test database you control. (3) Remove or parameterize the hardcoded user_id='ian' and agent='jarvis' values so the skill cannot accidentally write other users' data. (4) Confirm where embeddings come from and whether an embedding model key is needed; ensure that is documented and minimal-scoped. (5) Require a retention and PII/secret-filtering policy — the skill logs every prompt/delegation and could persist sensitive data. (6) If you will allow autonomous invocation, restrict which agents can use this skill and audit the memory_audit table regularly. If the author cannot explain the DB connectivity and data governance, treat the skill as unsafe to enable in production.

Like a lobster shell, security has layers — review code before you run it.

Current versionv0.1.2
Download zip
latestvk9762y9ak1d57v2ktnb177n6r18228sw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Memory Ops

Protocolo obrigatório (sempre)

  1. Consultar memória principal antes de responder ou delegar.
  2. Responder/delegar com contexto recuperado.
  3. Salvar contexto do prompt do usuário.
  4. Salvar contexto de cada delegação enviada para agentes.
  5. Registrar auditoria do ciclo (read/write status).

Banco alvo

  • Database: Memory_openclaw
  • Extensão: vector
  • Tabelas: usar memories + memory_audit.

Regras de gravação

  • Não salvar segredos sensíveis sem necessidade explícita.
  • Priorizar fatos operacionais: objetivo, decisão, restrição, preferência, próximo passo.
  • Sempre incluir metadados mínimos: source, scope, agent, timestamp, kind.

SQL e esquema

  • Criar/atualizar esquema em: references/schema.sql
  • Queries de consulta em: references/queries.sql

Auditoria obrigatória

  • Registrar um evento em memory_audit por turno com:
    • event_type: turn_cycle
    • read_ok: true/false
    • write_ok: true/false
    • details: JSON com contagens e ids

Handoff com agentes

Ao delegar para Alfred/Prompt Improver:

  1. Salvar kind=delegation_prompt com prompt enviado.
  2. Após retorno, salvar kind=delegation_result com resumo do output.
  3. Só então consolidar resposta final ao usuário.

Implementação de referência

  • Script pronto: scripts/memory_ops_template.sql
  • Se precisar adaptar dimensão de embedding, ajustar coluna vector(1536) conforme modelo.

Files

5 total
Select a file
Select a file to preview.

Comments

Loading comments…