Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Memory Review
v1.1.0知识沉淀自动化技能。扫描近期日记,识别可沉淀知识,自动写入知识库。触发时机:cron 定时任务或手动调用。使用方法:加载 skill 后读取 references/spec.md 获取详细规范。
⭐ 0· 119·1 current·1 all-time
by@axelhu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's name/description (automatically scan diaries and write knowledge) matches the instructions to read memory/daily and write memory/knowledge and reports. However the SKILL.md references running md5sum and delivering reports to channels (e.g., Feishu) while the metadata declares no required binaries or credentials — a mild inconsistency. It's plausible the skill expects delivery configuration to live in AGENTS.md/MEMORY.md instead of environment variables, but that should be documented as a deliberate design choice.
Instruction Scope
Runtime instructions explicitly read and write local project files: MEMORY.md, AGENTS.md, memory/daily/*, memory/knowledge/*, data/exec-logs/* and may modify AGENTS.md or TOOLS.md. The skill also states it will '投递报告' (deliver reports) using values from AGENTS.md/MEMORY.md (e.g., Feishu group IDs). This grants the skill broad discretion over local content and the ability to post externally if delivery logic is implemented — the SKILL.md does not specify how delivery is performed or what exact fields/credentials are required. That lack of precision increases risk because the agent could read secrets embedded in those files or use hidden endpoints.
Install Mechanism
Instruction-only skill (no install spec, no code files). This is the lowest install risk: nothing will be fetched or written during installation. All behavior comes from SKILL.md and references/spec.md.
Credentials
The skill declares no required environment variables or primary credential, but it expects delivery config (channel IDs, potentially tokens or webhooks) to be found in AGENTS.md or MEMORY.md. Not requiring environment variables is acceptable if the project stores all needed endpoints locally, but the skill should declare that it will read those files and should document the expected keys and whether they may contain secrets. As-is, it may read/write files that incidentally contain sensitive tokens without explicitly asking for them.
Persistence & Privilege
The skill is not always:true and is user-invocable (normal). It will write files under memory/ and data/exec-logs/ and may update AGENTS.md/TOOLS.md as part of 'low priority' rules — this is within its stated purpose but grants it write privilege over project configuration files. That capability should be made explicit and limited by user policy or review.
Scan Findings in Context
[no-code-files-found] expected: The repository contains only SKILL.md and references/spec.md (instruction-only). The regex scanner had no code to analyze; the security surface is entirely in the prose instructions.
What to consider before installing
This skill will scan and modify files inside your project (memory/daily, memory/knowledge, AGENTS.md, MEMORY.md, data/exec-logs). Before installing or running it: 1) Inspect AGENTS.md and MEMORY.md for any tokens, webhooks, or secrets — move secrets into a controlled vault or environment variables and update the skill configuration accordingly. 2) Back up AGENTS.md, TOOLS.md and other config files the skill may edit. 3) Confirm where 'report delivery' actually posts (the SKILL.md mentions Feishu but gives no delivery method); prefer explicit webhook or token entry via env vars rather than embedding credentials in AGENTS.md. 4) Ensure md5sum (coreutils) is available in your runtime if you plan to run the skill. 5) Run the skill first in a limited test workspace to review generated files and logs before allowing regular cron/autonomous runs.Like a lobster shell, security has layers — review code before you run it.
latestvk97ahmqz4be454axajc8jxhmks835kjs
License
MIT-0
Free to use, modify, and redistribute. No attribution required.