Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
pinecone-memory
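v1.0.1
Connects the OpenClaw memory system to the Pinecone vector database for semantic retrieval and memory persistence. Use when: the user asks to sync memories to Pinecone, run a semantic search, back up memories to the cloud, or retrieve efficiently from large-scale memory.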
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's stated purpose (persist OpenClaw memory to Pinecone and perform semantic search) aligns with the code and CLI commands: it reads local markdown memory, chunks/redacts text, and upserts/queries a Pinecone index. However the registry metadata provided earlier shows no required env vars or binaries while the SKILL.md (and the code) require Node and PINECONE_API_KEY — that metadata mismatch is an incoherence you should resolve before trusting the skill.
Instruction Scope
Runtime instructions (SKILL.md) explicitly tell the agent to run node tools/pinecone-memory.mjs with paths like MEMORY.md and 'memory' (a directory). The tool will read arbitrary markdown files under given paths, write a local state file (.pinecone-memory-state.json), write backup JSONL files, and can perform destructive operations (cleanup). Reading local files is expected for a memory-sync tool, but that means the skill will process any files in the supplied paths — if those contain secrets the tool may see them (it tries to redact API keys/tokens/passwords, but redaction is heuristic). The instructions are prescriptive (explicit commands) but grant broad file-read scope via default paths and recursive directory walk; that increases risk if the agent or user accidentally points it to sensitive locations.
Install Mechanism
Registry shows no install spec (instruction-only), which is lower risk for automatic writes. But the package.json declares a dependency on @pinecone-database/pinecone and Node.js is required; the README/SETUP instructs running npm install. That means installing this skill in practice will fetch an npm package from the public registry — a moderate-risk action (normal for such a tool). There is no remote arbitrary archive download or obscure URL usage in the files provided.
Credentials
The SKILL.md metadata and code require PINECONE_API_KEY (primary credential) and the code uses it to construct a Pinecone client. That is proportionate to the described purpose. However the registry metadata supplied with the skill bundle incorrectly lists no required env vars — this discrepancy is important to surface: the skill will fail without PINECONE_API_KEY and you should not rely on the registry's empty 'required env' claim. No other secrets (AWS keys, DB creds) are requested in the files provided.
Persistence & Privilege
The skill is not always-enabled and does not request special platform-level privileges. It writes its own state file (.pinecone-memory-state.json), backup JSONL, and suggests cron/heartbeat jobs (user-run). It can perform destructive operations on the target Pinecone namespace (cleanup), which is expected for an index management tool but means you should avoid running cleanup in production namespaces or with production API keys without explicit confirmation.
What to consider before installing
What to check before installing and running this skill:
- Metadata mismatch: the registry metadata claims no required env vars, but the SKILL.md and code require PINECONE_API_KEY and Node.js. Assume PINECONE_API_KEY is required until the registry entry is corrected.
- Install safely: run npm install in an isolated environment if you need to install dependencies. Review package.json (it depends on @pinecone-database/pinecone) and prefer installing in a controlled environment (container, VM) first.
- Test with non-production credentials: use a throwaway Pinecone API key and a non-production index/namespace when you first run check/sync/heartbeat/cleanup.
- Inspect default paths: by default the tool reads MEMORY.md and recursively reads the 'memory' folder — ensure these paths don't include sensitive files. If you pass custom paths, validate them carefully.
- Be careful with destructive commands: cleanup deletes namespace data; restore/write operations modify your index. Don’t run cleanup/restore against production namespaces without backups and explicit confirmation.
- Local artifacts: the tool writes .pinecone-memory-state.json and JSONL backups. Ensure these files are stored securely (they may contain excerpts of your memories) and exclude them from public repos.
- Review code if you need higher assurance: the included tools/pinecone-memory.mjs is readable; if you are not comfortable, have a developer audit network calls and confirm there are no hidden endpoints beyond the Pinecone SDK usage.
If you want, I can:
- Summarize the remainder of tools/pinecone-memory.mjs (file was truncated in the manifest) and look specifically for network calls or surprising behavior, or
- Produce a short checklist/command sequence to safely try this skill in a sandboxed environment.
Like a lobster shell, security has layers — review code before you run it.
