Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Hippocampus
v0.1.1
Daily incremental update of HIPPOCAMPUS.md — domain-filtered 14-day rolling context. Universal skill for all agents.
by Sachee @comicsansbestfont
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The stated purpose (daily incremental update of HIPPOCAMPUS.md, domain-filtered 14-day rolling context) aligns with the instructions and the included decay.py script: the skill reads memory files, an events DB, peer HIPPOCAMPUS files, and writes/archives learnings. However the SKILL.md expects runtime utilities (sqlite3, python3) and access to many absolute/central paths (~/.openclaw/*, OC/...), yet the registry metadata lists no required binaries or credentials — a minor but relevant mismatch.
Instruction Scope
SKILL.md instructs the agent to run shell commands (sqlite3 query against ~/.openclaw/events.db), traverse and read many workspace and cross-workspace files (absolute and relative paths), and to run an included decay script that will modify files under each workspace's .learnings (LEARNINGS.md, ERRORS.md, FEATURE_REQUESTS.md), archive and delete blocks. Those reads/writes are consistent with the purpose, but they cover a wide surface (cross-agent HIPPOCAMPUS files, BU captures, cron logs, CRM hubs). The instructions also assume the script lives at ~/.openclaw/skills/hippocampus-sync/scripts/decay.py and that sqlite3/python3 are available — this is not declared in metadata and may fail or unexpectedly touch system paths. The instructions are prescriptive and perform destructive edits (removing archived blocks), so review/backup is recommended.
Install Mechanism
No install spec (instruction-only) reduces supply-chain risk, and the code file included (scripts/decay.py) matches the declared behavior. But SKILL.md references an absolute path (~/.openclaw/skills/hippocampus-sync/scripts/decay.py) when invoking the script; because there's no install step documented, it's unclear whether the runtime will place the script at that path. That assumption mismatch could lead to errors or ad-hoc instructions to write the script into users' home directories — which would be higher risk if done automatically.
Credentials
The skill requests no environment variables or credentials (good), and does not call external APIs per the instructions. However it does read potentially sensitive local artifacts (events.db, peer HIPPOCAMPUS, CRM hub files, various artifacts across OC). Those local reads are proportional to a cross-agent hippocampus sync but are broad: the agent will have read access across many domain files. No secrets are requested, but data exposure risk exists through broad filesystem reads.
Persistence & Privilege
The skill is not marked always:true and uses default autonomous-invocation behavior. It writes/edits workspace files (HIPPOCAMPUS.md and files under .learnings) which is reasonable for its purpose. There is no evidence it modifies other skills' configs or requests persistent global privileges beyond normal filesystem access.
What to consider before installing
This skill appears to do what it says (maintain HIPPOCAMPUS.md and decay old learnings) but has a few practical inconsistencies and broad file access that you should consider before installing:
- The SKILL.md runs shell commands (sqlite3) and python3 scripts but the metadata declares no required binaries; ensure sqlite3 and python3 exist in the runtime or the skill will fail. Ask the author to declare required binaries.
- The instructions read and write many files across ~/.openclaw and other cross-workspace paths (peer HIPPOCAMPUS, CRM hubs, cron logs). If you install this, the agent will have read access to a wide set of local data and will modify .learnings/LEARNINGS.md (it can change status, archive blocks, and remove content). Backup relevant files and run in a safe/test workspace first.
- The SKILL.md expects the decay script at an absolute path (~/.openclaw/skills/hippocampus-sync/scripts/decay.py) but there is no install step showing placement there. Confirm how the platform exposes the skill's scripts at runtime (and that the script won't be copied into arbitrary home directories without your consent).
- If you rely on sandboxing for certain agents (e.g., Bobina), verify the platform enforces the relative-path-only rule described in the doc; otherwise absolute reads could bypass intended isolation.
Recommended actions before proceeding:
1) Ask the publisher to update metadata to list required binaries (sqlite3, python3) and to provide an explicit install step or clarify runtime paths.
2) Review and back up any HIPPOCAMPUS.md and .learnings files.
3) Test the skill in a non-production workspace to confirm what files it reads/writes.
4) If you have sensitive local data, restrict the agent's filesystem permissions or refuse installation until the scope of file access is narrowed/confirmed.
Like a lobster shell, security has layers — review code before you run it.
