Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Core Capabilities V2
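v2.0.1 Work assistant core capabilities integration package - includes complete capabilities such as Obsidian/Git sync, a memory database, a natural-language query tool, and a monitoring page. Provides the memory_query_agent.py tool and complete documentation.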
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The package claims Obsidian/Git sync, memory DB, query tool and monitoring and does include a memory agent, monitor server and cron script. However the pieces are inconsistent: memory_query_agent.py uses a memory directory and memory.db colocated with the script, while monitor_server.py expects files under a hardcoded WORKSPACE = /home/awu/.openclaw/workspace. That mismatch suggests sloppy design or an assumption about the runtime environment that isn't declared in the skill metadata.
Instruction Scope
Runtime behavior includes reading local markdown files and an SQLite database and returning full 'content' fields via an HTTP API. monitor_server.py binds a TCPServer to "" (all interfaces) and sets Access-Control-Allow-Origin: *, making potentially sensitive memory content reachable from the network. The server also runs os.system('cd WORKSPACE && python3 cron_monitor.py ...'), invoking an arbitrary script in that workspace. These actions go beyond a simple local query tool and can expose or execute unverified code.
Install Mechanism
There is no formal install spec (lowest risk from registry perspective). However the package includes setup_cron.sh which, if run, will modify the user's crontab to run the agent every 30 minutes. That is a local persistence mechanism and should be considered a privileged operation that the user must consciously approve.
Credentials
The skill declares no required environment or credentials, but monitor_server.py hardcodes access to /home/awu/.openclaw/workspace and expects cron_monitor.py and memory.db there. The code will read workspace files (cron_status.json, memory.db, html) and may execute workspace scripts. These implicit accesses to a user workspace are not declared and could expose unrelated/secret files.
Persistence & Privilege
The skill does not set always:true, but it ships with a script that, when executed by the user, will add a cron job to persistently run the agent. The monitoring server also opens a network service (binds to all interfaces by default). Combined, these allow ongoing background access to local memories and network exposure if the user accepts the setup script.
What to consider before installing
This package implements the advertised features but contains risky defaults and inconsistencies. Before installing or running:
(1) Inspect memory_query_agent.py, monitor_server.py and setup_cron.sh locally to confirm where data will be read/written.
(2) Note monitor_server.py uses WORKSPACE = /home/awu/.openclaw/workspace (hardcoded) — change this to a safe directory or the script's directory if you plan to run it.
(3) The monitor binds to all network interfaces and sets CORS to '*', and /api/memories returns full memory content. Run it only on localhost or behind a firewall, or change the server to bind to 127.0.0.1.
(4) The server executes cron_monitor.py in that workspace via os.system; ensure that file is trusted before allowing it to run.
(5) Do not run setup_cron.sh unless you want a persistent cron job; prefer running the agent manually or create a containerized/sandboxed environment for testing.
(6) Consider backing up and scanning the memory.db for sensitive data before exposing it externally.
If you want, I can list the exact lines that show the hardcoded path, the os.system call, and the HTTP/CORS exposure to help you modify the code safely.
Like a lobster shell, security has layers — review code before you run it.
latestvk97b4y1mm3fsxq023z5hqfe20n84psf4
