ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

memory-system

v1.0.0

OpenClaw 长期记忆管理系统。提供结构化记忆、向量记忆、语义搜索功能。Use when: 用户需要 AI 记住长期上下文、偏好、决策,或需要从记忆中进行语义搜索。

0· 271·0 current·0 all-time
by@damiencronw
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The declared purpose (structured + vector memory with Postgres/pgvector and local embeddings) is coherent with the code. However the skill listing declared no required binaries or env vars, while the scripts assume psql, curl, and a local embedding service on localhost:11434 and use a hardcoded DB user 'damien' and ports 5432/5433. The lack of declared requirements/configuration is a mismatch and reduces transparency.
Instruction Scope
Instructions and scripts explicitly read local files under ~/.openclaw/workspace/memory and insert/archive them into local Postgres — this is within the stated purpose. The vector search posts queries to a hardcoded local embedding API (http://localhost:11434/api/embeddings). There is no evidence of external network exfiltration beyond the local embedding call, but if that local service proxies externally it could leak content.
Install Mechanism
No install spec (instruction + small scripts) — lowest-risk install mechanism. Nothing is downloaded or extracted by the skill itself.
!
Credentials
No required env vars or credentials were declared in metadata, yet the code hardcodes database access (user 'damien', ports 5432/5433) and assumes presence of psql and curl. This is disproportionate: either required env/binaries should be declared or credentials/parameters should be configurable (env vars or config file). Hardcoded credentials reduce safety and transparency.
Persistence & Privilege
always:false and the skill does not request system-wide persistence or modify other skills. It runs local file I/O and subprocesses but does not request elevated or persistent platform privileges.
What to consider before installing
This skill mostly does what it says (archives local markdown memories into Postgres and performs vector/semantic search), but there are several red flags you should address before installing or running it on sensitive data: - The scripts assume psql and curl are available and a local embedding service at http://localhost:11434; those requirements are not declared. Ensure you understand and control those services. - The code hardcodes the DB username ('damien') and ports; it lacks environment-variable configuration. Prefer changing the scripts to accept DB credentials via secure env vars or a config file before use. - The archiver reads ~/.openclaw/workspace/memory and will import file contents into a database. Only run it if you trust the source and the destination DB. If the local embedding service proxies requests externally, your data could be sent outside your machine. - The import uses naive string interpolation to build SQL passed to psql; this is brittle and could lead to SQL quoting issues or injection-like problems for unusual content. Use parameterized inserts or a DB client library instead. If the author can (a) declare required binaries/env vars, (b) make DB and embedding endpoints configurable through env vars, and (c) fix SQL parameterization, the skill would be much safer. Until then, run it in a controlled/non-sensitive environment and review/modify the scripts yourself.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cfkmewanbsr3ak0yz1arvr182gr0y

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis

Comments