Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Structured Memory
v1.0.1Manage and update a layered memory system using daily files as source, indexing by domain/module/entity, extracting critical facts, and maintaining recall ef...
⭐ 2· 338·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description match the included scripts and files. All declared behavior (parse daily memory, build indexes, extract critical facts, create cards, backfill history) is implemented by the bundled scripts. There are no extraneous dependencies, credentials, or unrelated binaries requested.
Instruction Scope
Runtime instructions and scripts operate only on workspace files (memory/*.md, memory-index/, memory-modules/, memory-entities/, critical-facts/, critical-facts/cards/) and call other skill scripts. They do not call external network endpoints. Note: the extraction pipeline can identify and persist identifiers (IPs, account usernames, paths, endpoints, repo URLs, job IDs) into critical-facts/*.md (including credentials.md for 'account' facts). That behavior is coherent with the stated goal but materially affects what gets written to disk — review your daily-memory files before running and consider using --no-backfill on first run.
Install Mechanism
Instruction-only skill with no install spec. All code is bundled in the skill archive and nothing is downloaded or executed from arbitrary external URLs. No package managers or extract-from-URL steps are present.
Credentials
The skill requests no environment variables, no external credentials, and requires no config paths outside the workspace. The set of outputs it writes (indexes and critical-facts) is proportionate to the stated functionality. One caveat: it will parse and store identifiers and account names from daily notes into workspace files (including credentials.md), which may be sensitive depending on your content; the SKILL.md and reference docs include guidance not to store secrets in plain text, but the scripts will still persist identified 'account' entries unless the user filters them.
Persistence & Privilege
always is false (default) and there is no attempt to modify other skills or system-wide agent settings. The skill writes files under its workspace directories only (it creates and updates by-date index, module/entity files, and critical-facts/cards). The initial backfill behavior will process all memory/*.md unless --no-backfill is used.
Assessment
This skill appears to do exactly what it says: parse your daily notes and build local indexes and critical-facts. It does not contact external servers or require credentials. Before enabling it: 1) Inspect your existing memory/YYYY-MM-DD.md files for any sensitive identifiers you would not want extracted into workspace files. 2) On first run, consider using --no-backfill or run init_structure.py manually so you control which days are processed. 3) If you are worried about sensitive data, search the skill bundle for where 'account' / 'host' / 'credential' facts are written (critical-facts/credentials.md, hosts.md, etc.) and adjust the code or your notes accordingly. 4) Optionally run the tests and a single-day rebuild on a copy of your workspace to see what would be written. If you want a more conservative installation, disable automatic backfill and review/clean daily notes before running the write-enabled extraction.Like a lobster shell, security has layers — review code before you run it.
latestvk97eaewst840fxvp0meh7vyrn582m3kx
License
MIT-0
Free to use, modify, and redistribute. No attribution required.