ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Bamdra Memory Upgrade Operator

v0.1.0

Safely install, uninstall, reinstall, or upgrade the Bamdra OpenClaw memory suite when stale config, existing plugin directories, or partial installs break n...

0· 84·0 current·0 all-time
byWood@bamdra
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the actual behavior: the script manipulates ~/.openclaw (or a provided openclaw-home), sanitizes openclaw.json, moves plugin/skill directories for specific Bamdra IDs, and runs openclaw plugins install. All requested actions are coherent with upgrading/repairing the Bamdra memory suite.
Instruction Scope
SKILL.md instructs running the included Node script with clear modes (upgrade/install/uninstall) and flags. The script reads/writes openclaw.json, moves files under the OpenClaw home, and calls the 'openclaw' CLI. It does not read other user files, access unrelated system state, or transmit data to external endpoints itself. It does rely on the openclaw CLI to fetch/install the package.
Install Mechanism
This is an instruction-only skill with an included script file; there is no install spec and no external downloads performed by the skill itself. The script runs locally via Node and invokes an external 'openclaw' binary (expected for this purpose). No archive downloads or unusual install locations are present.
Credentials
No environment variables, credentials, or config paths are required by the skill. The script uses the user's home directory by default (or an explicit --openclaw-home) and passes the current process.env to child processes — standard behavior and proportionate to the stated task.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It modifies files in the user's OpenClaw home (creates backups, moves directories, edits openclaw.json) which is appropriate for a repair/upgrade tool; it does not modify other skills' configs beyond removing Bamdra-related references as part of cleanup.
Assessment
This skill appears coherent and limited to fixing OpenClaw/Bamdra artifacts, but take these precautions before running it: 1) Review the included script (scripts/upgrade-bamdra-memory.cjs) yourself to confirm you understand the edits and moves it will perform. 2) Ensure you have a working installation of the 'openclaw' CLI and Node.js — the script invokes 'openclaw plugins install' which will fetch the @bamdra package from whatever registry your OpenClaw uses; verify you trust that package source. 3) Consider running with --openclaw-home pointing to a test copy of your OpenClaw home first, so you can validate behavior without changing production data. 4) After a run, inspect the created backup directory before deleting it. 5) If you have concerns about network fetches performed by openclaw itself, review OpenClaw's install behavior or perform the package install manually.
scripts/upgrade-bamdra-memory.cjs:203
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk977sv568fb9twze0wqk2vj2nx83cpbc
84downloads
0stars
1versions
Updated 3w ago
v0.1.0
MIT-0
Wood@bamdra
latest
Download

Bamdra Memory Upgrade Operator

Use this skill when the user wants to install, uninstall, repair, or upgrade the Bamdra memory suite and a normal openclaw plugins install @bamdra/bamdra-openclaw-memory flow is blocked by:

  • plugin already exists
  • plugin not found errors from stale openclaw.json
  • old bundled skills preventing new skill files from being copied
  • partial installs where bamdra-openclaw-memory, bamdra-user-bind, and bamdra-memory-vector are out of sync

Operating Goal

Perform a safe Bamdra suite lifecycle operation without leaving ~/.openclaw/openclaw.json broken.

The bundled script supports these modes:

  • upgrade: backup config, clear stale Bamdra references, move old plugin and skill directories aside, then run openclaw plugins install
  • install: run install without first moving old plugin directories
  • uninstall: backup config, remove Bamdra plugin references from config, and move Bamdra plugin and skill directories into a backup folder

Default Commands

Upgrade to the latest published suite:

node ./scripts/upgrade-bamdra-memory.cjs upgrade

Install a specific published version:

node ./scripts/upgrade-bamdra-memory.cjs upgrade --package @bamdra/bamdra-openclaw-memory@0.3.18

Uninstall the suite safely:

node ./scripts/upgrade-bamdra-memory.cjs uninstall

Optional Flags

  • --package <npm-spec> to install a specific version
  • --openclaw-home <path> to target a non-default OpenClaw home
  • --restart-gateway to restart the gateway after a successful install

Behavior Rules

  • prefer the script over manual deletion or ad-hoc openclaw.json edits
  • mention the backup directory after success
  • after install or upgrade, remind the user to restart OpenClaw if --restart-gateway was not used
  • do not manually edit unrelated plugin config while doing this work
  • do not delete backup directories unless the user explicitly asks

User-Facing Examples

  • “升级一下 Bamdra memory 套件”
  • “修复 openclaw plugins install 时的 plugin already exists”
  • “安全卸载 bamdra-openclaw-memory 套件”
  • “重新安装 bamdra 套件,但不要把 openclaw.json 弄坏”

Comments

Loading comments...