ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw Memory

v1.0.0

Persistent, locally stored semantic memory for agents with automatic learning, searchable facts, and optional paid unlimited retention across all sessions.

0· 2.4k·17 current·17 all-time
by@atlaspa
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code and SKILL.md align on the core purpose (local SQLite memory, embeddings, semantic search, hooks to inject/store memories, and an x402 payment flow). However, metadata/requirements claim 'no required env vars' while implementation and documentation reference environment variables (PAYMENT_WALLET, PAYMENT_CALLBACK_URL, OPENAI_API_KEY, EMBEDDING_PROVIDER, MEMORY_DEDUPLICATE). That mismatch between declared requirements and actual code is a sign of sloppy packaging and should be treated as a red flag.
!
Instruction Scope
The installed hooks automatically extract and persist data from every request/response when an agent wallet is present (request-before, request-after, session-end). The README even gives an example of storing secrets as 'facts' (e.g., "User's API key is abc123"), implying the analyzer may capture and persist sensitive tokens. The SKILL.md claims 'no external servers or telemetry' and 'embeddings can use local models', but implementation summary indicates OpenAI may be used by default — so the actual runtime behavior (what is captured, where embeddings go) depends on configuration and may contradict privacy claims.
Install Mechanism
There is no remote download/install URL in the skill metadata (no arbitrary URL/extract), and package.json lists normal Node dependencies (express, better-sqlite3). Risk from the install mechanism itself is low relative to download-from-untrusted-URL patterns. That said, this package includes server and database code that will run locally under Node, so installation gives code persistent disk presence and a local HTTP service (dashboard).
!
Credentials
The registry metadata lists no required environment variables, but the implementation references several environment variables (PAYMENT_WALLET, PAYMENT_CALLBACK_URL, OPENAI_API_KEY, EMBEDDING_PROVIDER, MEMORY_DEDUPLICATE). In particular, PAYMENT_WALLET and payment callback configuration are critical for the x402 flow; these were not declared up front. The skill allows autonomous agent-initiated payments (x402) and the MVP 'trusts reported tx_hash' (no on-chain verification), which is a high-risk capability if an agent is given a funded wallet or if untrusted agents can call the payment endpoints.
!
Persistence & Privilege
The skill registers OpenClaw hooks that run on every request/session where an agent wallet exists, giving it automatic, persistent access to conversation content and the ability to store/inject memories into future requests. While 'always: true' is not set, the hooks still grant broad automatic behavior. Combined with the ability for agents to autonomously subscribe to 'Pro' (and the dashboard running a local HTTP API by default), this increases blast radius for accidental secret capture, unauthorized payments, or local data exposure if the dashboard is not properly firewalled.
What to consider before installing
Key things to consider before installing: - Review and audit the code yourself (especially src/x402.js, src/index.js, src/analyzer.js, and the dashboard server). The package runs a local web server and a persistent SQLite DB under ~/.openclaw/openclaw-memory/. - Do not provide a funded agent wallet or give agents wallet access you don't fully control. The x402 flow allows agents to create payment requests and the MVP trusts reported tx_hash values (no on-chain verification), which could enable false/unauthorized 'payments'. - Check environment variables and configuration: the skill expects PAYMENT_WALLET, PAYMENT_CALLBACK_URL, and may use OPENAI_API_KEY or local embeddings depending on settings — these were not declared in the registry metadata. Decide which embedding provider you want and configure it explicitly. - Secrets may be captured: the analyzer is designed to extract facts and preferences automatically, and documentation examples explicitly mention storing things like API keys. If you have sensitive data that must not be persisted, either disable the hooks, configure the analyzer to filter secrets, or do not install. - Run the dashboard only on localhost and ensure it is not exposed to the network (bind to 127.0.0.1 and/or use firewall rules); review and secure PAYMENT_CALLBACK_URL if you enable payments. - If you plan to use the Pro/x402 features: require on-chain verification (do not rely on the MVP 'trust tx_hash' behavior) and set PAYMENT_WALLET to an address you control; consider manual approval of payment actions rather than autonomous agent-driven payments. If you are not able to audit the code, or you cannot guarantee agents will not receive wallet credentials, treat this skill as higher risk and avoid installing it in production environments.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bzbv4x7npvc70j8yp57darh8109sf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis
OSmacOS · Linux · Windows
Binsnode

Comments