Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Mem0 Memory
v1.0.0mem0 本地记忆层完整实现(增强版)。语义记忆存储/检索/管理,WAL 协议,SESSION-STATE,多级记忆(User/Session/Agent)。参考 ZejunCao/bilibili_code Mem0框架解读优化。
⭐ 0· 638·7 current·8 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md promises a full local memory stack (Python wrapper mem0_wrapper.py, Ollama embedder, MiniMax LLM, Chroma vector DB) and points at a concrete filesystem path (D:\autoclaw\结果\mem0\). However, the skill metadata declares no required binaries, no config paths, and includes no code or install steps. A legitimate implementation would require at minimum: Python/runtime, the mem0_wrapper.py script and supporting files, and locally running services (Ollama, Chroma/DB files). The absence of these requirements in the package metadata is an incoherence.
Instruction Scope
The instructions direct the agent to run Python commands against files in a specific local path, scan every incoming message for multiple data types, and persist user/session/agent memories to disk (including URLs and file paths). That scope involves reading/writing local files and continuously processing user messages for storage; these actions are broader and more privacy-sensitive than the declared skill footprint. There is no guidance in the metadata about what files will be created, retention, encryption, or where SESSION-STATE.md / WORKING-BUFFER.md live, so the runtime instructions exceed what the package declares.
Install Mechanism
The skill is instruction-only (no install spec), which is low risk from an installer perspective. However, it depends on several external components (Ollama running as a service, local LLM models, Chroma DB, and a Python wrapper) that are not installed or provided by the skill. That mismatch means the agent or operator must have preinstalled components — this should be declared and verified before use.
Credentials
No environment variables or credentials are requested, which superficially looks safe. But the SKILL.md expects access to a specific local filesystem location and to persist potentially sensitive user data (preferences, experiences, URLs, file paths). The lack of declared config paths and permission expectations in the metadata is disproportionate: the skill requires filesystem and local-service access but doesn't declare it. Storing personal data persistently without documented controls (encryption, retention policy, access controls) is a privacy risk.
Persistence & Privilege
The skill persists memories to disk and relies on SESSION-STATE.md and WORKING-BUFFER.md for state recovery; it does not set always:true and does not modify other skills. Persisting user memory is expected for this purpose, but the skill's metadata fails to document where/how data is persisted and protected. The per-message WAL scanning behavior (scan every message for triggers) increases privacy sensitivity and should be explicitly consented and controlled.
What to consider before installing
Key points to consider before installing or using this skill:
- The package contains only a SKILL.md; it does not include the Python scripts or binaries it references. Verify that the referenced files (e.g., D:\autoclaw\结果\mem0\mem0_wrapper.py) and services (Ollama, the MiniMax model, Chroma DB) actually exist and come from a trusted source before running anything.
- This skill will scan every message and persist memories (including URLs, file paths, names, preferences) to local files. That can capture sensitive personal or system information — confirm retention, access controls, and whether data is encrypted at rest.
- The metadata does not declare required runtimes (Python) or config paths. Ask the author for a manifest: exact runtime requirements, file layout, where data is stored, and a copy of mem0_wrapper.py to review.
- Do not point this skill at directories with sensitive files (password stores, SSH keys, private documents). Consider running it in an isolated environment or VM and review/read the actual code before giving it access to your real user data.
- If you proceed, require explicit confirmation steps for destructive commands (reset/delete_all) and log all actions. If you cannot obtain the implementation or a trustworthy origin, avoid installing the skill.Like a lobster shell, security has layers — review code before you run it.
latestvk971g08hf4fwd1n5dyqdp5k3j983g9m7
License
MIT-0
Free to use, modify, and redistribute. No attribution required.