Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
tetra-scar
v0.4.0 · Scar memory, reflex arc, and decision traces for AI agents. Learn from failures permanently. Block repeated mistakes instantly — no LLM calls needed. Three-l...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The name/description (scar memory + reflex arc, block repeated mistakes) align with the included code (tetra_scar.py implements scars, reflex_check, tetra_check, JSONL storage). However several files reference different owners/names (README/action.yml mention aibenyclaude-coder, SKILL.md/README mention B Button Corp/b-button-corp) and examples refer to external packages (tetra-scar-code-review, scar_safety) that are not in this bundle. This provenance/packaging mismatch is unexpected.
Instruction Scope
SKILL.md and tetra_scar.py keep behavior local (read/write JSONL in memory dir, pattern matching, no network calls or secrets). But example CI and incident-response scripts attempt to call or import external scripts (../../tetra-scar-code-review/scar_code_review.py, scar_safety from ../tetra-scar-safety). The CI example records scars based on findings and will run external review scripts; those referenced scripts are not present here, so running examples may execute unknown code if the user wires them to other repos. Also scar_audit.py can clone arbitrary repos (it runs git clone) when used with --repo, which will fetch and execute analysis on remote code — expected for an audit tool but worth noting.
Install Mechanism
No install spec is declared (instruction-only). The package is distributed as source files only; there is no automated download of third‑party binaries or archives. This is lower risk, but examples/README suggest optional copying of tetra_scar.py into projects or using a separate action name which could lead users to fetch code from different owners.
Credentials
The skill does not request environment variables or credentials. action.yml and the CI examples use only the standard GitHub Actions environment variables (GITHUB_*), which is expected. No REQUIRED secret environment variables are declared in the skill metadata.
Persistence & Privilege
The always flag is false, and the skill writes only to local JSONL files under a configurable memory directory. That persistent storage is consistent with the described scar memory function; the skill does not request system-wide privileges or modify other skills' configs.
What to consider before installing
This package implements a local scar/reflex memory and the code mostly matches that purpose — it stores JSONL scars, does pattern matching, and offers a 4-axis check. Before installing or enabling it, check/consider:
- Provenance: files reference multiple authors/owners (b-button-corp, aibenyclaude-coder, and the anonymous owner ID). Verify the repository origin and prefer code from a trusted source.
- Missing referenced components: examples and CI scripts call or import external scripts (tetra-scar-code-review/scar_code_review.py, scar_safety, tetra-scar-safety) that are not included. If you run those examples or wire the action as-is, you may end up executing external code—locate and inspect those referenced projects first.
- Remote clone behavior: scar_audit.py can clone arbitrary GitHub repos when used with --repo. Cloning itself is expected for an audit tool, but avoid running the script on untrusted repos or in privileged CI runners without review.
- Local persistence: scars are append-only JSONL files written to disk. Confirm the memory_dir path is acceptable and not pointing to sensitive locations.
If you plan to use this skill: run the included tests locally (pytest), inspect the referenced external scripts before using the CI examples, and verify the action's owner/URL if you use it in CI. The inconsistencies suggest sloppy packaging rather than overt maliciousness, but manual review is recommended before trusting it in production.
Tags: agent-reliability, github-action, latest, lora, memory, reflex-arc, safety
