ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

VideoMemory

v0.1.15

Start VideoMemory from OpenClaw and return the local UI link.

0· 161·0 current·0 all-time
by@clamepending

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for clamepending/videomemory.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "VideoMemory" (clamepending/videomemory) from ClawHub.
Skill page: https://clawhub.ai/clamepending/videomemory
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install clamepending/videomemory

ClawHub CLI

Package manager switcher

npx clawhub@latest install videomemory
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (start VideoMemory and return a local UI link) align with the commands in SKILL.md (openclaw plugin install, npx onboarding, health check). However the SKILL.md references specific package versions (npx @clamepending/videomemory@0.1.7 and repo-ref v0.1.3) while the registry metadata shows version 0.1.15 — the mismatched versions are unexplained and should be clarified.
!
Instruction Scope
The instructions direct the agent to run plugin installs and npx commands that will download and execute code from the npm registry and to restart/operate the OpenClaw gateway. These steps go beyond simple read-only queries and can change system state; the guide does not require checksums or other verification beyond a --safe flag and asks the agent to run the onboarding automatically after inspection (which could still execute arbitrary package install scripts).
!
Install Mechanism
There is no formal install spec, but the runtime instructions rely on npx -y @clamepending/videomemory@0.1.7 (dynamic fetch from npm) and openclaw plugin installation. Fetching and running packages with npx executes remote code; no integrity verification (checksums/signatures) or pinned, consistent versions are provided. Using the public npm package may be legitimate, but it increases risk compared with a vetted release or an explicit install artifact.
Credentials
The skill requests no environment variables or credentials, which is proportionate to its stated purpose. That said, the actions it instructs (installing a plugin, writing bridge files, restarting the gateway, opening a local UI) require local filesystem and service control privileges not called out explicitly in the metadata — the user should be aware these operations will modify the local OpenClaw installation and may require elevated rights.
Persistence & Privilege
The skill is not marked always:true and is user-invocable only (normal). Installing the plugin will persist in the OpenClaw instance (expected for plugin installs). This persistent presence combined with code fetched from npm increases the blast radius if the package is malicious, but persistence itself is coherent with the stated purpose.
What to consider before installing
This skill appears to do what it claims (install and start VideoMemory), but before running it: (1) verify the package source — check the GitHub repo and confirm the package name and expected version (the README refers to 0.1.7 while the registry shows 0.1.15); (2) prefer using the OpenClaw plugin install path when possible and inspect the plugin code on GitHub first; (3) run npx --explain / --dry-run or use --safe --explain as recommended and review the onboarding plan output before executing onboarding; (4) avoid running npx -y blindly in sensitive environments — consider installing in a sandbox or VM first; (5) ensure you have backups and understand that installing the plugin will modify local files and may restart services. If you can, ask the maintainer for a signed release artifact or checksum for the package version you intend to install.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

camera Clawdis
cameravk97861td696x7mfa0mqcfzpamd859nbvlatestvk9748t4krtf6d0dfsde5ht5fws85bgj4openclawvk97861td696x7mfa0mqcfzpamd859nbvvisionvk97861td696x7mfa0mqcfzpamd859nbv
161downloads
0stars
14versions
Updated 5d ago
v0.1.15
MIT-0
@clamepending
cameralatestopenclawvision
Download

VideoMemory Setup

Use this skill when the user wants OpenClaw to install, start, relaunch, or check VideoMemory.

For requests like "install videomemory please", "set up videomemory", or "Install the VideoMemory skill from ClawHub and send me the UI", prefer installing the OpenClaw plugin package. If the plugin install path is unavailable, run the safe onboarding command and reply with the returned UI link.

Preferred Commands

First-class plugin install:

openclaw plugins install @clamepending/videomemory@0.1.7

After the plugin is installed and the gateway has restarted, prefer the plugin tools:

  • videomemory_onboard
  • videomemory_relaunch
  • videomemory_status

CLI fallback from the OpenClaw workspace root after clawhub install videomemory, inspect the onboarding plan:

npx -y @clamepending/videomemory@0.1.7 onboard --safe --repo-ref v0.1.3 --explain

If the plan matches the user's request, run onboarding:

npx -y @clamepending/videomemory@0.1.7 onboard --safe --repo-ref v0.1.3

Relaunch:

npx -y @clamepending/videomemory@0.1.7 relaunch --repo-ref v0.1.3

Check status:

curl -fsS http://127.0.0.1:5050/api/health

What Onboarding Does

  • Starts VideoMemory without Docker.
  • Installs the OpenClaw bridge files used by VideoMemory.
  • Returns the user-facing VideoMemory UI link.
  • Runs in safe mode, avoiding network-exposure setup, chat notifications, and privileged setup paths.

Ground Rules

  • Prefer the published VideoMemory CLI command above over hand-written setup commands.
  • Prefer openclaw plugins install @clamepending/videomemory@0.1.7 when OpenClaw plugin installation is allowed.
  • Run --safe --explain before onboarding when acting from chat.
  • If onboarding or relaunch fails, report the actual stderr instead of guessing.
  • After a successful onboarding or relaunch, reply with the returned UI link.

Comments

Loading comments...