ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Hippocampus Subagent Memory

v0.1.0

Isolate and coordinate sub-agent memory in OpenClaw with Hippocampus using scoped IDs, bounded merge-back, and explicit cross-agent imports.

0· 322·0 current·0 all-time
by@cezexpl

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for cezexpl/hippocampus-subagent-memory.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Hippocampus Subagent Memory" (cezexpl/hippocampus-subagent-memory) from ClawHub.
Skill page: https://clawhub.ai/cezexpl/hippocampus-subagent-memory
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install cezexpl/hippocampus-subagent-memory

ClawHub CLI

Package manager switcher

npx clawhub@latest install hippocampus-subagent-memory
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Skill name/description (Hippocampus sub-agent memory) matches the instructions (create isolated namespaces, bounded merge-back). However the SKILL.md references related packages and onboarding artifacts (hippocampus-memory-core, hippocampus-openclaw-onboarding, @hippocampus/openclaw-context-engine) and a 'portal' process without declaring any install steps or required credentials—this is plausible for an instruction-only policy but is an unexplained dependency surface. Also the SKILL.md uses a differently spelled env token 'HIPOKAMP_SUBAGENT_ID' which is likely a typo and could cause misconfiguration.
Instruction Scope
The runtime instructions stay within the stated purpose: spawn child agents, restrict writes to a scoped namespace, return bounded summaries, and import explicitly. There are no directives to read arbitrary host files, exfiltrate data, or contact external endpoints outside the conceptual 'portal' mention.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — low disk/write risk. Because no install occurs, there is no direct supply-chain risk from this repository itself.
Credentials
The skill declares no required env vars or credentials, which is proportionate for an instruction doc. But it references a scoped ID value ('HIPOKAMP_SUBAGENT_ID') and a portal bootstrap process without specifying how scope/authentication is obtained. That inconsistency (missing declared env usage, and the probable typo) should be clarified; otherwise implementers may hardcode sensitive tokens or invent unsafe workarounds.
Persistence & Privilege
The skill does not request permanent presence (always:false) and has no install steps that modify agent/system configuration. Autonomous invocation is allowed (platform default) but not combined here with other clear red flags.
What to consider before installing
This skill is mostly a policy document, but there are a few things to check before you use it in production: 1) Confirm the intended environment variable name — the doc uses 'HIPOKAMP_SUBAGENT_ID' which looks like a typo; ask the author what the canonical scoped-ID is and how it's set. 2) Ask how the 'portal' bootstrap and related packages are provided: do you need hippocampus-memory-core or onboarding code installed elsewhere? If so, request a concrete install/auth plan and minimal required credentials. 3) If you will let agents inherit scope automatically, verify this does not grant them access to unrelated credentials or agent configuration. 4) Test this in a sandbox: ensure child agents only write to their namespace and that the merge-back mechanism only returns the bounded summaries you expect. 5) Prefer the author add explicit env/credential requirements (or confirm none are needed) and fix the typo to avoid accidental misconfiguration. If those clarifications are provided and implemented minimally, the skill can be considered coherent; without them, treat it cautiously.

Like a lobster shell, security has layers — review code before you run it.

latestvk972wdjgem7rgb2p9dzr25x8g982jbz0
322downloads
0stars
1versions
Updated 22h ago
v0.1.0
MIT-0
@cezexpl
latest
Download

Hippocampus Subagent Memory

Use this skill when OpenClaw spawns sub-agents that need their own memory without contaminating the parent agent context.

Use It For

  • creating isolated sub-agent memory namespaces
  • preventing accidental memory leakage across siblings
  • returning only bounded summaries or artifacts to the parent
  • coordinating explicit import from child to parent

Preferred Flow

  1. Spawn a child with a scoped HIPOKAMP_SUBAGENT_ID.
  2. Let the child write only into its own namespace.
  3. Return a bounded result package at the end of the task.
  4. Import back to parent only what is explicitly approved.

Guidance

  • Default to isolation.
  • Do not flatten full child memory into the parent.
  • Prefer summary, artifacts, and references over transcript copy.
  • Tag child memory with session and parent linkage metadata.
  • Root-agent bootstrap should happen once in the portal; child agents should inherit scope automatically and should not require separate portal signup.

Related

  • hippocampus-memory-core for core memory operations
  • hippocampus-openclaw-onboarding for base config
  • @hippocampus/openclaw-context-engine for automated spawn/end lifecycle hooks

Comments

Loading comments...