Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Hippocampus Openclaw Onboarding
v0.1.0Bootstrap OpenClaw with Hippocampus memory under a branded, repeatable setup: workspace, agent ID, API key or bootstrap token, and MCP wiring.
⭐ 0· 254·0 current·0 all-time
by@cezexpl
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's stated purpose (bootstrapping OpenClaw with Hippocampus memory) aligns with the actions described (register, obtain bootstrap token, run a setup helper, write local config). However the SKILL.md uses inconsistent branding/spelling (Hippocampus vs 'hipokamp' vs '~/.hipokamp' and package name 'hipokamp-mcp'), which could be a benign typo or indicate a typo-squatted/misnamed package. This mismatch is unexpected and worth verifying.
Instruction Scope
The runtime instructions tell the operator to run `npx hipokamp-mcp setup --bootstrap-token <token> --gateway <gateway-origin>` which will fetch and execute code from npm and write a config file under the user's home directory (~/.hipokamp/config.json). The SKILL.md does not instruct the agent to read unrelated system files, but it does direct execution of remotely fetched code and persistent storage of credentials — actions that go beyond a purely declarative onboarding document and carry risk if the package or token handling is malicious or mistaken.
Install Mechanism
There is no install spec in the manifest, but the instructions implicitly rely on npx to download and run 'hipokamp-mcp' from the npm registry. Running npx executes remote code at runtime; combined with the inconsistent package/branding spelling, this raises a higher-risk install mechanism (remote execution without a pinned, verifiable source or SHA).
Credentials
The skill metadata declares no required environment variables, yet the instructions explicitly require a bootstrap token (sensitive) and will write local config that likely contains credentials. The lack of a declared primaryEnv / required envs is an omission: the skill uses sensitive data but doesn't list or justify it in the manifest. Writing credentials to ~/.hipokamp is proportionate for onboarding but should be made explicit and documented (storage format, permissions, rotation guidance).
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills, but the onboarding flow writes persistent configuration to the user's home directory (~/.hipokamp/config.json). That persistent write is expected for onboarding but is a point of lasting privilege (stored tokens/config) and should be audited by the user for content and permissions.
What to consider before installing
This skill is plausible but has red flags you should resolve before running anything: (1) verify the correct project/package name and spelling with the Hippocampus vendor — the SKILL.md uses 'hipokamp' (missing 'c'), which could be a typo or a malicious typosquat; (2) avoid blindly running `npx` commands that fetch and execute code from npm — prefer a vetted, pinned package or review the package source before running; (3) treat the bootstrap token as sensitive: do not paste it into untrusted prompts or UIs; ask how the token is stored (inspect ~/.hipokamp/config.json after setup and set strict file permissions); (4) request an install spec or signed release (GitHub release tarball, checksums) if you need to automate this for multiple agents; (5) if you proceed, test in an isolated environment (throwaway account / VM) first to confirm the package behavior and config contents. If you cannot verify the publisher or package repository, do not run the npx command.Like a lobster shell, security has layers — review code before you run it.
latestvk970f245phv5kdxjegqj81fa4d82jejb
License
MIT-0
Free to use, modify, and redistribute. No attribution required.