ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Session Memory (Workspace)

v1.0.0

Write session summaries to daily memory files and search session history so OpenClaw can recall and cite past conversations.

0· 508·0 current·0 all-time
by@breezezephyr
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match behavior: the scripts read session JSONL files from ~/.openclaw/agents/main/sessions and either search them or summarize them into workspace/memory/YYYY-MM-DD.md. Required binary (node) is appropriate and necessary for the included JavaScript scripts.
Instruction Scope
SKILL.md instructs running the included node scripts and documents which paths are read/written. The instructions limit scope to session files and workspace memory; they do not ask the agent to read unrelated paths, system credentials, or call external endpoints. The scripts perform only local file I/O and text processing.
Install Mechanism
There is no install spec (instruction-only), and included files are plain Node scripts. No remote downloads, package installs, or archive extraction are performed by the skill metadata.
Credentials
The skill requires no environment variables or credentials. It accesses only the documented local session directory and the workspace memory directory; those paths are reasonable for the described functionality.
Persistence & Privilege
always is false and the skill is user-invocable; autonomous invocation is allowed (platform default) but the skill does not request heightened privileges or modify other skills or global agent settings. It writes only to the workspace memory files that its description declares.
Assessment
This skill is coherent: it reads local OpenClaw session logs and writes/updates per-day memory markdown files so the agent can recall past conversations. Before installing, confirm you are comfortable with the agent reading your session JSONL files and adding their summaries to workspace/memory (these files may contain sensitive content). Also ensure Node.js is available. If you do not want automatic summarization, avoid running the summarize script or restrict who can invoke the skill; when enabled the agent can call the scripts (autonomous invocation is the platform default).

Like a lobster shell, security has layers — review code before you run it.

latestvk9717f6pkzws6kvxyedr2adn858208km

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📅 Clawdis
Binsnode

Comments