Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Context Continuity
v1.1.0上下文续接与记忆管理。当用户说"新建对话"、"继续"、"接着上次"等时, 自动从 MEMORY.md 和 memory/ 文件中提取当前任务/项目上下文, 让新会话能够了解之前的进展。用于:(1) 用户要开始新对话但想保留上下文 (2) 用户说"继续上次的工作" (3) 用户想要回顾当前进行中的任务 特点:自动记...
⭐ 0· 284·0 current·0 all-time
by@cjstate
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (context continuity and memory management) match the instructions: the skill writes daily memory files and reads recent memory to resume context. This capability is coherent with the stated purpose. However, the SKILL.md expects a local memory directory and a workspace path (~/.openclaw/workspace/) even though the skill metadata declared no required config paths — a mismatch that should be clarified.
Instruction Scope
The runtime instructions directly tell the agent to append every conversation to memory/YYYY-MM-DD.md and to read the last 7 days of memory via shell commands (echo, cat, date). They mandate 'automatic recording of all conversations without user confirmation', which is a material privacy/scope decision. The instructions reference specific file paths (memory/, MEMORY.md, ~/.openclaw/workspace/) and perform file I/O; those file accesses are not declared in the skill metadata and could include sensitive content.
Install Mechanism
No install spec and no code files are present (instruction-only). This minimizes supply-chain/install risk because nothing is downloaded or written during install.
Credentials
The skill requests no environment variables or credentials, which is appropriate, but it nevertheless performs local file writes/reads in the user's workspace and memory directories. Because these paths were not declared in requires.config, the skill's access to local files is not proportionately disclosed. Automatically writing full conversation content to disk without opt-in is a privacy risk.
Persistence & Privilege
always is false and model invocation is allowed (defaults). There is no indication the skill tries to modify other skills or system-wide settings. The main persistence concern is the skill's own habit of creating/writing long-term memory files and recommending archiving/deletion policies; that behavior is powerful but consistent with its purpose.
What to consider before installing
This skill will append all conversations to local files (memory/YYYY-MM-DD.md and MEMORY.md under your workspace) and will read recent memory automatically when you ask it to 'continue'. Before installing, consider: (1) Do you consent to automatic, unprompted logging of every conversation? (2) Where will memory/ and ~/.openclaw/workspace/ be created and who can read those files? (3) Do you need an opt-in toggle, redaction, or encryption for stored memories? (4) Ask the publisher to declare config paths and to change 'auto-write without confirmation' to an opt-in setting or at least provide a clear on/off command. If you proceed, restrict filesystem access, secure or encrypt the memory directory, and test deletion/archival behavior so private data isn't retained unintentionally.Like a lobster shell, security has layers — review code before you run it.
latestvk971sm55hxextnzs76ncrcba0s838sqp
License
MIT-0
Free to use, modify, and redistribute. No attribution required.