Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
AVM Memory
v1.1.0AI Virtual Memory enables multi-agent shared semantic memory with token-aware recall, topic indexing, lifecycle management, and decentralized discovery using...
⭐ 0· 72·0 current·0 all-time
byYuzhe Shi@bkmashiro
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name and description (AI Virtual Memory, multi-agent shared semantic memory) match the SKILL.md content: CLI/Python API, FUSE mount, gossip discovery, librarian, TopicIndex, consolidation, etc. The features and examples align with the stated purpose — nothing requested (env vars, credentials, config paths) appears unrelated to the described functionality.
Instruction Scope
The SKILL.md is a usage/operation manual that instructs running local binaries (avm, avm-mount, avm-mcp) and starting background processes (gossip protocol, consolidation cron jobs). It does not instruct reading unrelated system files or exfiltrating secrets, but it does describe networked discovery (gossip publish/refresh) and cross-agent sharing. Because no code is included, the actual network endpoints, transport, and degree of data sharing cannot be audited from the docs alone — this is expected for an instruction-only skill but worth noting.
Install Mechanism
There is no install spec in the registry entry (the skill is instruction-only). The README suggests running 'pip install -e .' and installing fusepy/macfuse/fuse3 locally — that implies executing project code from a source tree (arbitrary code execution) if you follow the instructions. The absence of a registered install spec reduces platform-side risk, but if you install locally you should inspect the repository before running pip install or executing binaries.
Credentials
The skill declares no required environment variables, credentials, or config paths. That is proportional to the documented local, zero-API-key design (it claims local sentence-transformers embeddings). The main privacy concern is semantic: the gossip/librarian features purposefully share topic-existence or content across agents and shared namespaces — avoid storing secrets in shared memory and validate access controls described in the doc.
Persistence & Privilege
always:false (normal). The instructions recommend starting persistent components (gossip background thread, MCP server, and scheduled consolidation jobs). Those introduce persistent network/listener behavior at the host level when you run the software, but this is a property of the software as documented rather than a registry-level privilege. If you run it, expect long-running processes and possible network traffic for agent discovery.
Assessment
This skill is a documentation-only description of a multi-agent local memory system and appears coherent with its stated purpose. Before installing or running anything: 1) clone the project and inspect the code and setup files (there's no install spec in the registry — 'pip install -e .' in the README runs local code you should trust), 2) be aware the system implements gossip and inter-agent sharing — do not put secrets or sensitive data into shared namespaces, and review access-control enforcement, 3) FUSE mounts and MCP servers will expose file-like interfaces and may open network ports; run them in an isolated environment or container if you are uncertain, 4) the skill refers to local embedding models that may require downloading model weights (network use) — verify sources, and 5) if you need stronger assurance, ask the maintainer for source code or a published package/release and for details on the gossip transport and discovery endpoints. Because this is instruction-only with no code attached in the registry, inspect the project before following the README commands.Like a lobster shell, security has layers — review code before you run it.
latestvk975k28y3cap50h3ycjm213pf983fwvf
License
MIT-0
Free to use, modify, and redistribute. No attribution required.