Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OpenClaw Memory
v2.3.0Manage, optimize, and troubleshoot the OpenClaw memory system — MEMORY.md curation, daily logs (memory/YYYY-MM-DD.md), memory_search tuning, compaction survi...
⭐ 21· 7.8k·50 current·57 all-time
byWeAreAllSatoshi@weareallsatoshin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description align with the instructions: the skill is about managing MEMORY.md, daily logs, memory_search/memory_get, compaction, and embedding providers. Access to ~/.openclaw/workspace and memory files is appropriate for this purpose. The SKILL does reference embedding providers and API keys as selectable backends, which is consistent with a memory/search capability.
Instruction Scope
The instructions explicitly direct the agent to read and write workspace memory files (MEMORY.md, memory/YYYY-MM-DD.md) and to perform an autonomous 'memory flush' before compaction. The flush is described as 'silent' (agent replies with NO_REPLY) so the user would not see those background writes. The skill also instructs editing AGENTS.md to mandate memory_search before acting. These behaviors are within the stated domain but are broad: they persist conversation content to disk (possibly including secrets), modify agent behavior, and perform hidden actions without explicit user-visible confirmation.
Install Mechanism
Instruction-only skill with no install spec and no code files. This minimizes installation risk (nothing is downloaded or written by an installer).
Credentials
The registry metadata lists no required env vars or credentials, which is consistent with being an instruction-only helper. However the instructions reference selecting embedding providers (openai, gemini, voyage, mistral, local) based on available API keys; those keys are not declared as required. That is not necessarily malicious, but it's a mismatch between declared requirements and runtime expectations: the skill may behave differently if provider keys exist and can read/use them if the agent environment exposes them.
Persistence & Privilege
always:false (good), but the skill encourages persistent changes to workspace files (MEMORY.md, AGENTS.md) and autonomous behavior (automatic memory flushes triggered before compaction). Because default platform behavior allows autonomous invocation, the combination of autonomous, silent writes and instructions to make retrieval mandatory increases the privacy/operational blast radius. The skill does not request system-wide privileges, but it requests persistent modification of user-visible configuration and data files.
What to consider before installing
This skill appears to do what it says (manage OpenClaw memory files), but it instructs the agent to write conversation content to files and to perform 'silent' background flushes that the user won't see. Before installing or enabling it: (1) Decide whether you want the agent to persist chat content to ~/.openclaw/workspace (may include sensitive info). (2) If you do not want silent writes, set workspaceAccess to read-only or disable memoryFlush in your config. (3) Review any automatic edits it suggests to AGENTS.md or MEMORY.md before applying. (4) If you use provider API keys (OpenAI, Gemini, etc.), be aware the skill references them although it does not declare them; ensure only intended keys are available. If you want lower risk, test the skill in an isolated account or environment and audit the memory files it creates.Like a lobster shell, security has layers — review code before you run it.
corevk9758hmxvb4142kf89b44jd42980ez25journalingvk9758hmxvb4142kf89b44jd42980ez25latestvk97f0kt6pk4vqqn4jzcfb5h5vs8339ebmemoryvk9758hmxvb4142kf89b44jd42980ez25systemvk9758hmxvb4142kf89b44jd42980ez25
License
MIT-0
Free to use, modify, and redistribute. No attribution required.