Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Memory Lifecycle

v1.1.0

Systematic memory management for long-running AI agents. Implements a five-tier lifecycle — heartbeat micro-attention, nightly consolidation, weekly reflecti...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
[!] Purpose & Capability
SKILL.md, templates, and scripts align with a memory-management purpose: scaffolding memory files, adding a Recent buffer, and creating scheduled consolidation jobs. However, the code repeatedly calls an external CLI 'openclaw' (openclaw status, openclaw cron list/create) but the registry metadata lists no required binaries. That is an incoherence — the scripts require the OpenClaw CLI to function and may act across multiple agents/workspaces.
Instruction Scope
Runtime instructions explicitly tell the user to run scripts/setup.py which will create files (MEMORY.md additions, people.md, decisions.md, etc.), update HEARTBEAT.md, and create cron jobs that run nightly/weekly/monthly/yearly. All of that is in-scope for a memory lifecycle skill, but these instructions grant the skill permission to modify workspace files and to create persistent scheduled jobs that run without manual approval once created. The SKILL.md properly documents --dry-run and --agent options, which is good.
Install Mechanism
This is instruction-only (no external downloads). There is no install spec — the only on-disk artifacts come from running the included setup script, which is expected for this type of skill.
Credentials
The skill does not request environment variables or secrets. The scripts operate on local workspace files and use the OpenClaw CLI; no credentials are requested or read. The scripts do instruct to preserve phone numbers, addresses, and other personal data in memory files — that is a privacy consideration but not an unexplained secret request.
[!] Persistence & Privilege
Running the setup script will create cron jobs (persistent scheduled tasks) that cause the agent to run autonomously on a schedule. Although always:false and model invocation not disabled (normal defaults), the cron jobs themselves are persistent and could run repeatedly without further human action. The setup script also discovers other agents via 'openclaw status' and may create jobs for agents/workspaces beyond the one you intended — exercise caution and use --agent or dry-run first.
What to consider before installing
This skill appears to implement the memory lifecycle it describes, but review and take these precautions before installing or running the setup script:

- Verify you have the OpenClaw CLI available: the scripts call 'openclaw status' and 'openclaw cron' but the skill metadata does not declare this dependency. If 'openclaw' is not present the scripts will fail; if present they will act against whatever OpenClaw server your environment is configured for.
- Run with --dry-run first and inspect the printed commands to see what files would be created/changed and what cron jobs would be added. The README and scripts provide a dry-run option for this reason.
- Backup MEMORY.md, HEARTBEAT.md and any existing memory/ files before running. The setup script will write files and insert a ## Recent buffer; the nightly/weekly/monthly cron jobs will later modify files.
- Limit scope with --agent <id> (don’t let the script discover and modify all agents) unless you intend to configure multiple agents. discover_agents() uses workspace paths returned by OpenClaw — if you run as an admin you could inadvertently create jobs across other agents.
- Inspect the scripts yourself: they call subprocess.run(shell=True) for OpenClaw commands and inline prompt text into cron job payloads. This pattern works but can be brittle if agent names/workspaces contain unusual characters; check quoting and the created cron definitions.
- Understand persistence: creating scheduled jobs means recurring autonomous runs. If you later want to stop them, remove the cron jobs via 'openclaw cron list'/'openclaw cron delete' or equivalent.

What would change my assessment to 'benign': the registry metadata explicitly listing 'openclaw' as a required binary, and the setup script using safer CLI invocation patterns (no shell quoting with untrusted inputs) and clear defaults that restrict actions to a single agent unless elevated consent is provided.
If you are uncomfortable, run the scripts in a test workspace or inspect and manually apply the file changes instead of letting the script create cron jobs for you.

Like a lobster shell, security has layers — review code before you run it.

Tags: consolidation, latest, lifecycle, memory, productivity
