Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Integrated Memory Evolution Action
v1.0.0整合三層記憶系統 + 自進化引擎 + 行動模式。所有 Agent 必須使用的核心 Skill,實現記憶驅動、自進化、主動行動的完整閉環。
⭐ 0· 61·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (integrated memory + evolution + action) aligns with the instructions: the SKILL prescribes layered memory reads/writes, evolutionary logs, and action-state updates. However, the skill expects access to files that may contain sensitive config (Layer 3: 'API 配置') and references runtime tools (node, python3, memory_search) even though the registry metadata lists no required binaries or credentials — an inconsistency that should be justified.
Instruction Scope
SKILL.md forces a mandatory pre-task checklist that instructs the agent to read many shared and workspace paths (/shared/memory/..., workspace/.learnings, memory/ontology/..., SESSION-STATE.md, HEARTBEAT.md, etc.), to run commands (memory_search, node scripts/log-learning.mjs, python3 scripts/ontology.py), and to perform write-ahead-log writes before replying. This gives the skill broad discretion to read and persist potentially sensitive or unrelated data and to run scripts that are not included in the package. The 'write before reply' WAL requirement increases risk of unintended persistent changes or data leakage.
Install Mechanism
No install spec and no code files — lowest install risk. That said, the instructions reference scripts and binaries (node, python3, memory_search) that are not supplied; the absence of those artifacts means the runtime behavior depends on the host environment and prompts the agent to run external commands that should be audited.
Credentials
The skill declares no required env vars or credentials, but its documented memory layers explicitly include 'API 配置' and other persistent config in Layer 3. Asking agents to read/write shared config files is effectively requesting access to secrets/configs without declaring or justifying them. The number and sensitivity of file paths accessed is disproportionate relative to a simple skill manifest that claims no credentials or binaries.
Persistence & Privilege
always:false and default autonomous invocation mean it won't forcibly be included everywhere, but the skill is written as '所有 Agent 必須使用!' while not enforcing that flag. The skill directs frequent, persistent writes to shared memory locations (SESSION-STATE.md, .learnings, memory/...), which gives it lasting side effects across agent runs. This is not necessarily malicious, but it elevates blast radius and should be limited by permissions and review.
What to consider before installing
This skill is coherent with a memory-driven 'evolution + action' system, but it requires the agent to read and write many shared files (including Layer 3 where API configs/preferences may live) and to run node/python commands that are not provided. Before installing: (1) review the actual memory files (/shared/memory..., workspace/.learnings, SESSION-STATE.md) for sensitive data and decide which paths the skill should be allowed to access; (2) ensure any referenced scripts (node scripts/log-learning.mjs, python3 scripts/ontology.py) are present and audited, or remove those steps; (3) run the skill in an isolated/test environment first and apply least-privilege filesystem ACLs so it can't read unrelated secrets; (4) consider modifying the skill so it declares required binaries or explicitly documents what it must access; and (5) do not assume this instruction-only skill is harmless just because it has no install — its runtime file access and write behavior are the primary risk.Like a lobster shell, security has layers — review code before you run it.
actionvk970r0j3mcjjw62hc722t5pmy1846nskcorevk970r0j3mcjjw62hc722t5pmy1846nskevolutionvk970r0j3mcjjw62hc722t5pmy1846nsklatestvk970r0j3mcjjw62hc722t5pmy1846nskmandatoryvk970r0j3mcjjw62hc722t5pmy1846nskmemoryvk970r0j3mcjjw62hc722t5pmy1846nsk
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🧠⚡🎯 Clawdis