Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Semantic Memory Boost
v1.0.0Enhances AI context relevance and accuracy by layered semantic retrieval and alignment for complex, multi-temporal decision-making and project planning.
⭐ 0· 154·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description and the SKILL.md align: the workflow describes intent parsing, tiered retrieval, alignment, synthesis, and saving a memory summary, which are expected for a 'semantic memory' enhancement. However, the instructions reference accessing `[LONG_TERM_REF]` (a database of historical specs) and saving `[MEM_SUMMARIZATION]` into 'memory files' while the skill declares no required config paths, storage locations, or credentials — a mismatch between claimed capabilities and declared requirements.
Instruction Scope
SKILL.md stays within the semantic-retrieval domain (intent mapping, retrieval, alignment, token limits, relevance thresholds). It instructs the agent to read session best-practices and long-term references and to write memory summaries. It does not explicitly request arbitrary system files or external endpoints, but the instructions are vague about where long-term data is read from and where memory files are stored, giving the agent broad discretion about persistence and data sources.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is written to disk by an installer. This is the lowest-risk install mechanism.
Credentials
The skill declares no environment variables, credentials, or config paths. Yet the runtime instructions presume access to long-term databases and writable memory files. If the agent needs DB credentials or storage paths, those are not declared here — an omission that should be clarified. The current declaration (no creds) is minimal but may be incomplete for the described behavior.
Persistence & Privilege
The workflow explicitly calls for persisting a '[MEM_SUMMARIZATION]' into memory files after responses. Persisting user data is consistent with a memory skill, but the SKILL.md does not specify where data will be stored, retention policies, or access controls. 'always' is false (good), but the skill still requests durable storage implicitly — this is a privacy/persistence concern to confirm with the author.
What to consider before installing
This skill appears to do what it says (semantic retrieval + saving summaries), but it leaves important questions unanswered. Before installing or enabling it: 1) Ask the developer where `[LONG_TERM_REF]` is stored and how the skill authenticates to it (what credentials or service it uses). 2) Ask where `[MEM_SUMMARIZATION]` files are written, who can read them, and how long they are retained. 3) Avoid using the skill with sensitive or confidential queries until storage and access controls are confirmed. 4) Prefer developers to declare any required config paths or environment variables and to provide a privacy/retention policy. If you cannot get satisfactory answers, treat the skill as potentially risky and do not grant it access to private data.Like a lobster shell, security has layers — review code before you run it.
latestvk978w107fmcqgfe8ebmcfy674h8326at
License
MIT-0
Free to use, modify, and redistribute. No attribution required.