Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Memory Hygiene
v1.0.2Audit, clean, and optimize Clawdbot's vector memory (LanceDB). Use when memory is bloated with junk, token usage is high from irrelevant auto-recalls, or set...
⭐ 0· 187·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description match the actions in SKILL.md: auditing, wiping, reseeding, and disabling auto-capture for a LanceDB-backed vector memory. No unrelated credentials or binaries are requested.
Instruction Scope
Instructions include dangerous, destructive commands (rm -rf ~/.clawdbot/memory/lancedb/) and automated restart/cron instructions. They also advise storing 'accounts, credentials locations, contacts' into memory which could surface secrets if MEMORY.md or source data contains them. The steps are high-impact and should not be run blindly or by an untrusted agent.
Install Mechanism
Instruction-only skill with no install spec or downloaded code. This lowers code-execution supply-chain risk; nothing is written to disk by an installer.
Credentials
The skill requests no environment variables, credentials, or config paths beyond instructing operations on ~/.clawdbot/memory/lancedb/ and gateway actions. There are no extraneous secret requests, but the guidance to store credential locations in memory is a potential privacy concern (not an explicit credential request).
Persistence & Privilege
Skill suggests creating a recurring cron job that will automatically wipe and reseed memory monthly. While the skill itself is not 'always: true', these instructions could be used to grant ongoing destructive behavior if applied. Also instructs gateway config patches and gateway restarts, which are privileged actions—ensure only authorized actors perform them.
What to consider before installing
This skill appears to do what it says (audit, wipe, reseed LanceDB memory), but it contains high-impact operational steps you should not run blindly. Before installing or invoking: 1) Back up your existing memory directory (don't run rm -rf without a verified path). 2) Inspect MEMORY.md and other sources for secrets — avoid storing actual tokens/passwords or precise credential values in vector memory. 3) Restrict which agents/users can execute shell commands, gateway restarts, or config.patch actions. 4) Prefer manual runs initially or test on a non-production instance. 5) If you enable the cron job, ensure you have monitoring and backups so automated wipes cannot cause data loss. If you want tighter safety, request the skill be modified to use non-destructive API-level deletes with confirmation prompts and to explicitly forbid storing credential locations or other sensitive material.Like a lobster shell, security has layers — review code before you run it.
latestvk9719sp1agkfnw2zya4z4k36x583hxkd
License
MIT-0
Free to use, modify, and redistribute. No attribution required.