ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Nm Memory Palace Knowledge Intake

v1.0.0

Process external resources into stored knowledge with quality evaluation, curation routing, and application decisions

0· 29·1 current·1 all-time
by@athola
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill is an instruction-only knowledge-intake framework and the declared required config paths (leyline/document-conversion, scribe/slop-detector, memory-palace/digital-garden, etc.) align with that purpose. However, the SKILL.md assumes the presence of external tools and protocols (gh CLI, WebFetch, markitdown/Claude Code conversion tools, leyline hooks) while the registry metadata declares no required binaries or credentials — a mismatch between what it expects to be available and what it explicitly asks for.
!
Instruction Scope
Runtime instructions include fetching web content, converting documents (PDF/DOCX/PPTX/XLSX/epub) via a document-conversion protocol, constructing file:// URIs for local file ingestion, wrapping content in sanitization boundaries, and optionally pushing summaries to GitHub Discussions via gh GraphQL mutations. Those actions are within the stated purpose but they also involve reading local file paths and transmitting content to conversion endpoints and GitHub. That creates potential for unintended data exposure if the document-conversion or WebFetch endpoints are remote/untrusted or if the gh CLI is authenticated to a repo with broad permissions. The SKILL.md does state human approval is required for destructive tidying actions, but several automated transmission steps remain.
Install Mechanism
No install spec and no code files — instruction-only — so nothing is written to disk by the skill bundle itself. This is lower-risk from a supply-chain/executable standpoint. However, the skill relies on external tools/protocols at runtime (gh, markitdown, WebFetch, Claude Code tools) that are not declared as required binaries.
Credentials
The skill requests no environment variables or tokens in metadata, but it references operations that require credentials at runtime: e.g., pushing to GitHub Discussions via the gh CLI (which requires gh auth) and potentially sending files to a document-conversion service (which often requires API keys or remote endpoints). The many required config path hooks are reasonable for a modular memory-palace architecture, but you should ensure those config entries point to trusted, local services and that no unrelated credentials are exposed.
Persistence & Privilege
always:false and the SKILL.md emphasizes human curator approval for tidying (archive/delete) actions. The skill does not request permanent system presence or modify other skills' configs in the provided instructions.
Scan Findings in Context
[no_regex_findings] expected: The static regex scanner found nothing because this is an instruction-only skill with no code files. Absence of findings is expected but does not imply the runtime instructions are safe.
What to consider before installing
This skill is coherent for its stated goal of ingesting and curating external resources, but it assumes runtime tools and remote conversion endpoints that are not declared in the registry metadata. Before installing/use: (1) Confirm where the required 'leyline' document-conversion and content-sanitization hooks point — if they call remote services, do not send sensitive local files until you trust the endpoint. (2) Be aware the SKILL.md will construct file:// URIs for local file ingestion — only supply local paths you are comfortable having processed. (3) The discussion-promotion module uses the gh CLI to create/update GitHub Discussions; ensure the agent's gh auth and repository permissions are appropriate and you consent to posting summaries. (4) Ask the skill author to explicitly list required binaries (gh, markitdown or conversion tools, WebFetch) and any credentials or endpoints the hooks call. (5) If you cannot verify the document-conversion and WebFetch implementations are local/trusted, test in a sandbox environment first or decline to enable automatic ingestion of private files. If the author supplies clarifications showing all conversion and storage endpoints are local or under your control, this skill is reasonably coherent; otherwise treat it cautiously.

Like a lobster shell, security has layers — review code before you run it.

latestvk970jcd7apvxbcfvm21dakbmg184tax6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🦞 Clawdis
Confignight-market.memory-palace-architect, night-market.digital-garden-cultivator, night-market.leyline:evaluation-framework, night-market.leyline:storage-templates, night-market.leyline:document-conversion, night-market.scribe:slop-detector

Comments