Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Identity Manager
v1.0.0
Create, update, and maintain structured identity entries for every person, org, or group mentioned in conversation. Supports human and AI entity subtypes, gr...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description (identity manager) aligns with the runtime instructions: it creates/updates identity files, group entries, a memory index, and a 'soul' file. However, the registry metadata declares no required config paths or credentials while the instructions repeatedly require reading/writing many specific workspace files (identity/<slug>/entry.md, memory/identities.json, memory/schema.json, soul/identity_context.md, _index.md, memory/hook_log.jsonl). The omission of those required paths in metadata is an incoherence (the skill will need filesystem persistence but doesn't declare it).
Instruction Scope
SKILL.md and AGENT.md demand scanning every input for person/org/group names and unconditionally creating/updating entries (drafts allowed) before composing any reply. The hooks require synchronous on-disk writes and post-response verification. This enforces persistent collection of mentions (including potential PII like emails/phones if available), and treats AI persona operational metadata as unprotected. While consistent with the stated purpose, the scope is broad (applies every turn, can't be skipped) and may capture more context than a user expects.
Install Mechanism
Instruction-only skill with no install steps and no external downloads — low install risk. There are no code files to execute; behavior is driven by SKILL.md and templates that assume a writable workspace filesystem.
Credentials
The skill requests no environment variables or external credentials, which is consistent with being local. However, it expects and will perform extensive filesystem writes and reads across the workspace (including creating an owner snapshot from an unspecified 'workspace config' on first run). It also enforces append-only 'CRITICAL FLAGS' and 'SESSION LOG' behaviors and treats AI persona activation/greeting as public operational metadata — this increases privacy exposure. The lack of explicit declaration of which config or owner files it will read is an unexplained gap.
Persistence & Privilege
The skill requires persistent, append-only storage (soul/identity_context.md with append-only CRITICAL FLAGS, memory/identities.json, hook logs, and identity entries) and enforces write-through on CRITICAL/HIGH events before completing turns. Although always:false (not force-installed), autonomous invocation is allowed; combined with mandatory on-turn writes and append-only retention, this gives the skill a substantial long-term data footprint and retention power in the workspace. The skill does not define deletion/retention policies for entries (archived entries are 'never deleted').
What to consider before installing
Before installing or enabling this skill, consider the following:
- It will scan every conversation turn and create/update persistent identity files (identity/<slug>/entry.md), a central memory index (memory/identities.json), and an append-only 'soul' file. Expect data to be stored on-disk and retained long-term.
- The metadata does not list the config paths or workspace files it reads/writes; ask the author which filesystem paths are used and where data is stored/backed up. Verify storage location and permissions in your environment.
- The skill may persist mentions and contact details (email, phone) if they appear in chats. If you handle sensitive or regulated data, do not enable this skill without confirming retention/delete policies and access controls.
- The skill enforces mandatory writes and append-only critical logs before every reply. In shared or audited environments this may be acceptable, but it can leak context into long-lived logs. Confirm who can read the created files and whether they are included in backups or external syncs.
- If you want to proceed: test in a sandboxed workspace first, review the templates and memory/schema.json to confirm what fields will be recorded, and request the author add explicit metadata declaring required config paths and a data-retention/deletion policy. Consider disabling autonomous invocation or limiting the skill to user-invoked only until you are confident about its storage behavior.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🪪 Clawdis
