ClawHub

BenOS Memory Core

v0.1.2

Core runtime/volatile memory module for BenOS agent environment. Use to: store and retrieve active session state, open loops, decisions, and scratch notes at...

0· 685·2 current·2 all-time
by@benmjohnson69
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description claim a runtime/volatile memory module and the code reads the stated state file and last-session file under ~/.openclaw/workspace/benos/runtime — this matches the declared purpose. Minor mismatch: SKILL.md suggests 'agent-controlled read/write' via index.js, but index.js only implements reading (hydrate) and a no-op run; it does not expose a write API.
Instruction Scope
SKILL.md instructs agents to use skill commands for read/write or edit files directly. The runtime instructions and the code are narrowly scoped to reading two files in the user's home workspace. The skill will return file contents from state.json and last-session.md, so the agent could surface any sensitive data stored there. The code does not reference other system paths or external endpoints.
Install Mechanism
No install spec is provided (instruction-only skill with a small native entry file). Nothing is downloaded or written during install; only a 953-byte index.js is included. Low install risk.
Credentials
The skill declares no required environment variables or credentials. The code uses process.env.HOME implicitly to locate files (standard and expected) but HOME was not listed in requires.env — this is typical but worth noting. No other credentials, keys, or external services are requested.
Persistence & Privilege
always is false and model invocation is allowed (platform default). The skill does not request persistent system-wide privileges or modify other skills' configs. It only reads files within a subdirectory of the user's home.
Assessment
This skill simply reads two files in your home workspace (~/.openclaw/workspace/benos/runtime/state.json and last-session.md) and returns their contents. Before installing, review those files for any sensitive data (API keys, passwords, secrets, or PII) since the skill (and any agent using it) could expose their contents. Note the SKILL.md mentions write capability but the included code does not implement a write API — data changes must be made by editing files directly. The skill has no install script and no external network calls, but it comes from an unknown source with no homepage; prefer packages from trusted authors, and restrict which agents/skills are allowed to invoke this module if those files contain confidential information.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bfb2v155rqsqanmcagwfa8h81bhg6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments