ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

TruContext OpenClaw

v0.1.9

TruContext persistent memory for OpenClaw agents. Use when you need to remember something significant across sessions, recall prior context, query the knowle...

0· 77·0 current·0 all-time
by@alphacollectivellc
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match behavior: the skill is a wrapper around the TruContext CLI and requires the trucontext CLI and python3 to resolve state. Required binaries and the npm install are appropriate for a TruContext OpenClaw integration.
Instruction Scope
SKILL.md and the shell script limit actions to reading ~/.trucontext/openclaw-state.json, calling the trucontext CLI, and invoking tc-memory verbs. The skill instructs the agent to call recall at session start (expected for memory agents). It does not read unrelated system files or exfiltrate data to unexpected endpoints, but any ingested text will be sent to the TruContext service (intended behavior).
Install Mechanism
Install is an npm package (trucontext-openclaw) which is proportionate for shipping a small CLI wrapper. No downloads from unknown URLs or archive extraction are present in the provided files.
Credentials
The skill does not request environment variables or unrelated credentials. It reads the TruContext state and relies on the TruContext CLI's credentials file (~/.trucontext/credentials.json), which is appropriate for a CLI-based integration. Users should avoid ingesting secrets into memory.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide agent settings. It runs as a normal user-level wrapper and depends on the installed CLI and state file.
Assessment
This skill is a straightforward wrapper around the TruContext CLI and behaves as described. Before installing: (1) ensure you trust trucontext.ai — any text you 'ingest' will be sent to the TruContext service; avoid sending secrets or credentials. (2) The skill reads ~/.trucontext/openclaw-state.json and relies on the TruContext CLI's auth file; authenticate separately with `npx trucontext login`. (3) Installation uses npm; review the npm package if you want to confirm there are no hidden behaviors. (4) The included python -c usage is a brittle way to parse the state file (may break on unusual paths) but not an obvious exfiltration vector. If you need more assurance, review the npm package source on the referenced GitHub repo and confirm the CLI binary it calls is the official TruContext CLI.

Like a lobster shell, security has layers — review code before you run it.

latestvk9769hvm4d1qbg32a9yke593gd83nky4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis
Binstrucontext, python3

Install

Install trucontext-openclaw (npm) — includes TC CLI setup
Bins: trucontext-openclaw
npm i -g trucontext-openclaw

Comments