ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Claw Memory Guardian

v1.0.1

自动保存、备份和恢复OpenClaw会话记忆,防止任务中断和信息丢失,支持语义搜索与项目时间线管理。

0· 1.3k·2 current·2 all-time
bySkilledClaw@betsymalthus
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and files indicate a local memory/backup utility (creates memory/ dirs, auto-save script, git commits, backups). That capability is coherent with the stated purpose. There are no requests for remote credentials or unrelated services. However the SKILL.md mentions cloud syncing/semantic search features and a config path (~/.openclaw/config.json) that do not match the code's actual behavior (code reads config from the workspace config.json and implements local-only behavior).
!
Instruction Scope
SKILL.md instructs users to edit ~/.openclaw/config.json and implies automatic background behaviors (automatic commits/backups), but the code reads config from OPENCLAW_WORKSPACE/config.json (e.g. ~/.openclaw/workspace/config.json) — a mismatch. SKILL.md promises periodic automatic git commits and automatic backups; the code includes a manual save() that commits and creates an auto_save.sh script, but the auto-save script as written does not perform git commits or backups (and its jq usage is likely broken). The skill writes files and an executable into the user's workspace and creates an infinite-loop auto_save.sh; SKILL.md gives broad permission to modify workspace but the exact runtime behaviors are not fully implemented or are inconsistent with the docs.
Install Mechanism
There is no registry install spec but the package contains an install.js which (when run) copies the skill into the user's workspace (~/.openclaw/workspace/skills), writes a bin shim at workspace/bin/memory-guardian and makes it executable. This is local file modification (no remote downloads). It's not inherently malicious but it alters the user's workspace filesystem and can overwrite an existing installation—this should be expected and reviewed before running. The auto-save script is created but the installer does not start it automatically.
Credentials
The skill declares no required environment variables or external credentials, and the code only uses standard environment variables (OPENCLAW_WORKSPACE optionally and HOME). That is proportionate to a local file/backup utility. One practical issue: the auto-save shell script depends on 'jq' being available (it references jq) but the package does not declare jq as a required binary—this is a missing prerequisite.
Persistence & Privilege
The skill does not set always:true and does not request elevated OS privileges. It creates persistent artifacts in the user's workspace (skill files under skills/, a workspace/bin/memory-guardian shim, and an auto_save.sh script that can run indefinitely if started). The installer does not automatically run the auto-save process, but the presence of a long-running script means a user might start a persistent process (risk of unnoticed resource use).
What to consider before installing
This package is not obviously malicious, but there are consistency and implementation issues you should review before installing: - Review install.js and index.js: the installer copies files into ~/.openclaw/workspace/skills and writes an executable shim to workspace/bin. If you install, these local files will be created/overwritten under your user account. - Check the auto_save.sh content before running it: it contains an infinite loop and expects 'jq' to be present. The script may not behave as described in the docs (it appears not to perform git commits/backups). Do not run it as a background service until you inspect it and test in a sandbox. - Confirm which config file is used: the code reads OPENCLAW_WORKSPACE/config.json (default ~/.openclaw/workspace/config.json) but SKILL.md tells you to edit ~/.openclaw/config.json — ensure you edit the actual file the code reads or set OPENCLAW_WORKSPACE explicitly. - Verify git behavior and scope: the code initializes a git repo in your workspace and performs commits of memory files. If your workspace contains other sensitive data, double-check .gitignore contents and the commands used (the code adds and commits './memory/*' but the initial git init operates at the workspace root). - Test in an isolated environment first: run the provided simple_test.js/test.js in a disposable directory or VM to observe real behavior before adding to your primary workspace. If you want me to, I can: point to the exact lines that write files, show the auto_save.sh contents and where jq is referenced, or suggest minimal edits to make the scripts safer (e.g., limiting git scope, not writing a globally reachable bin shim, requiring explicit start of auto-save).

Like a lobster shell, security has layers — review code before you run it.

latestvk97ct77jxr9v984b5dmmgk5jgn80yrfm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments