Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
AutoDream Memory
v1.0.1AutoDream - Automatic memory consolidation sub-agent. Periodically (24h +5 sessions) organizes MEMORY.md and memory files, deduplicates, merges, removes stal...
⭐ 0· 39·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description (automatic memory consolidation) aligns with the provided code and docs. The package contains scripts to scan memory files, sessions, and update MEMORY.md; those are expected for this functionality.
Instruction Scope
SKILL.md instructs running included scripts and installing a cron. The scripts read workspace/sessions/*.jsonl, memory/*, and update MEMORY.md and memory/autodream/*. That is within the stated purpose, but the code operates over the entire workspace you point it at — so if the workspace contains sensitive files the script will read them (sessions, memory, etc.). The docs assert it 'will not modify project source code' but this is a policy in text; ensure the rest of the script doesn't write outside memory/skill paths. Also setup_24h.sh immediately runs autodream_cycle.py which causes immediate execution on your workspace when installing/setting up.
Install Mechanism
There is no external install or remote-download step in the skill bundle; it's instruction + local scripts. That lowers supply-chain risk. setup_24h.sh and ensure_openclaw_cron.py write local config files under the skill folder and call the local Python script.
Credentials
The skill requests no environment variables or external credentials. However, setup_24h.sh writes an 'issue_url' and 'post_enabled' field into config.json (controlled by the user-provided arguments). The visible code does not show network exfiltration, but the presence of an issue_url/post_enabled configuration flag raises the possibility that a future or truncated part of the script could POST reports externally. Verify there are no network calls in the remainder of autodream_cycle.py before enabling posting.
Persistence & Privilege
always:false and default invocation settings are used. The skill writes local state/backup files under memory/autodream and skill config under skills/autodream/config; it does not request permanent elevated platform privileges. The setup script will, however, execute the consolidation run immediately when invoked.
What to consider before installing
Before installing or running AutoDream:
- Inspect the full autodream_cycle.py (the consolidation phase was truncated in the bundle review). Search that file for any network calls (requests, urllib, aiohttp, curl, subprocess posting to curl) or code that writes outside memory/skill directories.
- Do an initial run with dry_run=true (or --dry-run) and/or in a copy of your workspace to see what it would change. The setup script runs the consolidation immediately — avoid running setup_24h.sh if you don't want an immediate pass.
- Keep post_enabled off and leave issue_url blank unless you explicitly trust the endpoint. If you need external reporting, audit the code that performs posting.
- Because the scripts read sessions/ and other workspace files, run them in a workspace that does not contain secrets or production credentials; consider running in a disposable container or VM first.
- Confirm backups are being created (memory/autodream/backup/) and test restores before allowing automatic runs.
If you want, provide the rest of autodream_cycle.py (the truncated consolidation/write parts) and I can re-evaluate for any code paths that send data externally or modify non-memory files.Like a lobster shell, security has layers — review code before you run it.
latestvk971490mk6tjs9mcarx5a75nv1843zfg
License
MIT-0
Free to use, modify, and redistribute. No attribution required.