Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Memory-Auditor
v1.0.0Audits an agent's claims against stored memory to detect fabricated or drifted details and assess memory consistency with token-level analysis.
⭐ 0· 23·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidencePurpose & Capability
The description and SKILL.md claim the service performs local token analysis and requires no credentials, but the package includes a Cloudflare Worker implementation and documents a remote endpoint (https://memory-auditor.cvapi.workers.dev/audit). The presence of worker.js and wrangler.toml implies a hosted service rather than a purely local tool — a mismatch between advertised 'local analysis' and a published remote API.
Instruction Scope
SKILL.md instructs callers to POST full 'current_behavior' and 'stored_memory' to an external URL and to include an x402-payment header or ?payment=1. That means user/agent data will be transmitted off-host unless the user's platform replaces the call with local logic — contradicting the SKILL.md line 'No external API calls — runs entirely on local analysis.' There are no instructions that reference unrelated system files or env vars, but the external transmission and payment requirement broaden the operational scope.
Install Mechanism
There is no install spec (instruction-only from the registry perspective), which is low-risk. However the package actually contains worker.js and wrangler.toml for a Cloudflare Worker (code that would run remotely). No downloads or third-party install URLs are present in the package itself.
Credentials
The registry metadata lists no required environment variables, but wrangler.toml sets a [vars] EXA_API_KEY and worker.js falls back to a hard-coded GUID (env.EXA_API_KEY || 'd6aa75ee-...'). A secret/API key is present in the repo, though the key is not used anywhere in the code. This hard-coded credential is unexpected and disproportionate to the stated purpose and may indicate sloppy key handling or leftover secrets.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and does not ask for system-wide config paths or privileged access. It only exposes an HTTP API contract and a payment header requirement.
What to consider before installing
Before installing or invoking: (1) Confirm whether you expect the audit to run locally or to be sent to an external hosted service — SKILL.md claims local analysis but documents a remote endpoint and includes worker code. (2) Do not send sensitive or private memory contents to this endpoint unless you trust the operator and their Terms/Privacy, because the skill requires POSTing full 'current_behavior' and 'stored_memory' and demands a payment header. (3) Ask the author/source for clarification about the hard-coded EXA_API_KEY in wrangler.toml and worker.js; request removal of embedded keys or an explanation of their purpose. (4) Verify the service domain (memory-auditor.cvapi.workers.dev) and who controls it; prefer an implementation that truly runs locally if privacy is a concern. (5) If you still want to use it, request a version that performs the analysis locally (no external network calls) or review hosting/ownership/legal terms and ensure the payment mechanism cannot be abused.Like a lobster shell, security has layers — review code before you run it.
a2avk9794afptvrgaq50f9nhgm3mgd848edgauditvk9794afptvrgaq50f9nhgm3mgd848edglatestvk9794afptvrgaq50f9nhgm3mgd848edgmemoryvk9794afptvrgaq50f9nhgm3mgd848edgpaidvk9794afptvrgaq50f9nhgm3mgd848edg
License
MIT-0
Free to use, modify, and redistribute. No attribution required.