Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
claw_lance_memory
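v1.0.0
A long-term memory and semantic retrieval system built on the LanceDB vector database, supporting automatic extraction, classification and cross-session storage, with fast-response integration into OpenClaw.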
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The code and documentation implement a LanceDB-based long-term memory using an external embedding service (智谱 AI / Zhipu). That aligns with the skill's name and description. However, the registry metadata claims no required environment variables or primary credential, while the code (ZhipuEmbedding) requires ZHIPU_API_KEY and will raise an error if it is missing, an inconsistency between declared requirements and actual needs.
Instruction Scope
SKILL.md and enable.sh instruct enabling a hook that calls a Python script at agent bootstrap. enable.sh writes the ZHIPU_API_KEY into ~/.bashrc (persistence), and the hook's handler.js execSyncs a Python script in the agent bootstrap path to produce a virtual USER_MEMORY.md injected into the agent's system prompt. These runtime instructions cause the agent environment to execute local code during bootstrap and to send user text to the external embedding API — both legitimate for a memory skill but sensitive (privacy/exfiltration) and broader than a purely local-only helper.
Install Mechanism
There is no remote ad-hoc download URL; installation is via pip (requirements.txt) and a local enable.sh that creates a venv and installs packages. Dependencies are public PyPI packages (lancedb, pyarrow, langchain, zhipuai, numpy). This is a standard but non-trivial install (networked pip installs). No evidence of obscure external downloads or archive extraction from unknown personal servers.
Credentials
The skill requires an embedding API key (ZHIPU_API_KEY) to function, which is proportional to using an external embedding service, but the registry metadata omitted this requirement. enable.sh suggests persistently writing the API key to ~/.bashrc, which creates a persistent secret in the shell RC file. The hook also reads OPENCLAW_USER_ID and uses HOME/~/.openclaw paths. The undeclared required env var and the suggested persistence of the API key are problematic; both should be made explicit and considered before use.
Persistence & Privilege
The skill does not request always:true and is user-invocable. However, enabling the provided hook gives it the ability to execute at each agent bootstrap (handler.js runs session_start.py via execSync). That is an expected capability for a memory hook but increases the blast radius: on bootstrap it will run local Python, call the embedding API and inject USER_MEMORY.md into the agent's system prompt. Users should be aware that enabling the hook grants automatic execution at bootstrap until it is disabled.
What to consider before installing
Key things to consider before installing:
- The code requires a ZHIPU_API_KEY even though the registry metadata didn't declare it; review and be sure you trust the embedding provider. Embedding calls will send text to the external service (智谱 AI), so do not store or send highly sensitive data (passwords, private keys, secrets) to this skill.
- enable.sh suggests adding your API key to ~/.bashrc (persistent secret). Prefer setting the env var in a more controlled place (or use a temporary env) and avoid storing secrets in plaintext shell files if you care about confidentiality.
- The hook (handler.js) will execute a Python script during agent bootstrap and inject a USER_MEMORY.md into the agent system prompt. That means saved memories become part of prompts the agent sees — a privacy surface. If you enable the hook, verify the exact handler path and permissions and test in an isolated environment first.
- There are path/venv mismatches: enable.sh creates a venv in the repo (venv), but handler.js expects a venv at ~/.openclaw/workspace/venv-lancedb. Confirm and adjust paths before enabling the hook to avoid unexpected behavior.
- The repository/source is listed as unknown with no homepage; prefer installing only from trusted sources. If you don't trust the author or need provenance, ask for a canonical repository or author contact and inspect the code yourself.
- Recommended precautions: run the skill in an isolated VM/container, audit/grep the code for any outbound network calls beyond the embedding API, do not import highly sensitive personal data into the memory, and disable the hook (openclaw hooks disable memory-system) if you notice unexpected behavior.
If you want, I can point out the exact lines that raise these issues (where ZHIPU_API_KEY is required, where enable.sh writes to ~/.bashrc, and where handler.js execSyncs the Python script), or produce a checklist to safely test this skill in a sandbox.
hooks/memory-system/handler.js:37
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Like a lobster shell, security has layers — review code before you run it.
latest: vk973k4egdh6pnwwc1t1f8aw60d83ztre
