ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Hierarchical Memory

v1.0.1

Manage and navigate a multi-layered, branch-based memory system. This skill helps organize complex agent context into Root, Domain, and Project layers to pre...

2· 597·1 current·1 all-time
by@balkanblbn
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (hierarchical memory management) matches the included script's behavior: creating directories and markdown files under a memory workspace and appending links. However, the script hardcodes absolute paths (/root/.openclaw/workspace/...), which is brittle and can have broader filesystem effects depending on the runtime environment. For a memory-management skill this is mostly reasonable, but the choice of absolute root paths (instead of a relative or configurable workspace path) is disproportionate and risky.
!
Instruction Scope
SKILL.md claims the script "does not perform any network activity, access sensitive system files, or execute external code." The script itself performs local file system writes and appends to files under /root/.openclaw/workspace. More importantly, it does not sanitize user-provided names or parent paths: passing names with path separators (e.g., '../') could result in directory traversal and writing/appending outside the intended memory folder. This contradicts the strong safety claim in SKILL.md and grants broad write capability based on uncontrolled input.
Install Mechanism
There is no install spec (instruction-only) and the code footprint is small (one Python script). No external downloads or package installs are requested. This is low-risk from an install/execution perspective, provided the script is reviewed and run in an appropriate sandbox.
Credentials
The skill requests no environment variables or credentials, which aligns with its purpose. However, the script's hardcoded absolute paths presume a specific runtime layout and root-accessible paths; that assumption is not justified in the metadata and could cause the script to operate outside intended boundaries on some deployments.
Persistence & Privilege
The skill is not marked always:true and does not attempt to change other skills or system-wide configuration. Its only persistent effect is writing/append to files under the workspace. That persistence is expected for a memory-management tool, though the lack of input sanitization raises the risk of unintended persistent changes.
What to consider before installing
This skill is plausibly doing what it says (creating memory files) but has unsafe implementation details you should consider before installing or running it: - Risk: The included script hardcodes /root/.openclaw/workspace paths and does not validate branch names or parent paths. A crafted name like "../somewhere" could cause the script to write or append files outside the intended memory folder (directory traversal). - What to do before running: Inspect or patch scripts/add_branch.py. Prefer changes such as: - Use a configurable or relative workspace path rather than an absolute /root path. - Normalize and validate names (reject path separators), and use pathlib to resolve and ensure the target is inside the intended base directory (compare abspath prefixes). - Limit file modes and avoid appending to arbitrary files without validation. - Operational advice: Run the skill only in an isolated agent workspace or sandbox (not on a host with sensitive files), avoid running it with root privileges, and avoid giving the agent broad autonomous invocation rights until you vet the script. If you expect to store sensitive data in memory files, consider encrypting them or restricting who/what can read them. If you cannot or will not review the script, treat the skill as potentially unsafe and avoid installing it on production or sensitive systems.

Like a lobster shell, security has layers — review code before you run it.

latestvk97asqx42yc79dqg8mn5bghbrs81ngbc
597downloads
2stars
2versions
Updated 7h ago
v1.0.1
MIT-0
@balkanblbn
latest
Download

Hierarchical Memory (Neural Branching)

This skill provides a structured method for managing long-term memory in a multi-layered, branched format to prevent context bloat and ensure high-fidelity recall.

🛡️ Security & Transparency

This skill includes a Python script scripts/add_branch.py. This script is used solely to:

  1. Create directories in your memory/ folder.
  2. Create boilerplate markdown files for new memory branches.
  3. Append links to these new files in your existing memory maps. It does not perform any network activity, access sensitive system files, or execute external code.

Memory Architecture

The memory system is organized into three primary layers:

  1. Layer 1: Root Memory (MEMORY.md)

    • The central nervous system.
    • Contains high-level context about the partnership, core missions, and global goals.
    • Acts as a map to all other memory layers.

  2. Layer 2: Domain Memories (memory/domains/*.md)

    • Specialized knowledge silos.
    • Examples: coding.md, trading.md, social.md, research.md.
    • Contains domain-specific philosophies, tech stacks, and project indices.

  3. Layer 3: Project Memories (memory/projects/*.md)

    • Deep-dive details for specific initiatives.
    • Examples: hesapgaraj.md, clawguard.md, baa.md.
    • Contains project status, to-dos, technical specs, and history.

How to Use This Skill

1. Recalling Information

  • Always start by searching MEMORY.md.
  • Follow the "Map" links to the relevant Domain or Project file.
  • Use read to load only the specific branch needed for the current task.

2. Adding New Information

  • New Fact about the Partnership: Update MEMORY.md.
  • New Domain: Create a new file in memory/domains/ and link it from MEMORY.md.
  • New Project: Create a new file in memory/projects/ and link it from its primary Domain file.

3. Cross-Referencing

  • If a project belongs to multiple domains (e.g., a trading bot that requires coding), link the Project file from both Domain files.

Automation Tools

Use the provided scripts to maintain the hierarchy:

  • scripts/add_branch.py: Automatically create a new domain or project file with the correct template and linking.

Best Practices

  • Atomic Writes: Keep project files focused only on that project.
  • Backlinks: Every branch should have a "Back to Root" or "Back to Domain" link.
  • Pruning: During heartbeats, review branches and remove obsolete information.
  • Why This Matters: Every branch and major entry must include a "Significance" line (Why is this important?) to prevent "Zombie Memory" (useless data accumulation).
  • Recent Delta: Maintain a recent_delta.md in each domain/project folder containing changes from the last 3-7 days for rapid context synchronization.

Comments

Loading comments...