Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Tiered Recall
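v1.1.0
Tiered recall system - works around context-length limits and preserves project continuity. Each new session automatically loads core memory + recent logs + active projects, and manual deep recall is supported. The index includes summaries of up to 10 characters, making it easy to tell apart entries with the same name.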
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, and most scripts (build-index.py, load.py) align with a local workspace memory/indexing and recall feature: they scan memory/*.md, build an index, detect active projects, and load snippets for sessions. The SKILL.md and README describe the same behavior and token budgeting.
Instruction Scope
Most runtime instructions stay within the stated purpose (reading MEMORY.md, memory/*.md, .tiered-recall files and project key files). However scripts/check_index.py reads a hardcoded absolute path 'C:/Windows/System32/UsersAdministrator.openclawworkspace/.tiered-recall/index.json' outside the workspace — this is inconsistent with the described workspace-local behavior and could unexpectedly access system or other users' files if that path exists. The SKILL.md also references a script update-projects.py that is not present in the file manifest (documentation/code mismatch).
Install Mechanism
There is no install spec (instruction-only install), so nothing is downloaded or installed by the platform. The risk is limited to the included code files being executed locally; they do not fetch remote code or write nonstandard system-wide binaries.
Credentials
The skill declares no environment variables or credentials (good). The included scripts read local workspace files and, in load.py, will load and preview key files (first 500 chars) — reasonable for a recall tool but worth noting: any sensitive content in your workspace could be read and returned by the skill if invoked. No network exfiltration is present in the code, but the agent could still transmit loaded content to external services depending on agent behavior (not shown here).
Persistence & Privilege
The skill is not always-enabled and allows normal model invocation (defaults). It does not request system-wide persistence or modify other skills' configurations according to the provided files.
What to consider before installing
This skill appears to implement a local 'tiered recall' system and mostly behaves as described, but review and fix two issues before trusting it with real data:
1) scripts/check_index.py contains a hardcoded Windows System32 path (C:/Windows/System32/UsersAdministrator.openclawworkspace/.tiered-recall/index.json) that is inconsistent with the workspace-local model and could read unexpected files — remove or adapt that path to your workspace or delete the script.
2) The documentation mentions update-projects.py but that file is missing; expect runtime errors or incomplete features.
Also: the scripts read and print local files (MEMORY.md, recent logs, project key files and previews). Although these scripts don't make network calls themselves, any sensitive data in those files could be exposed by the agent if it forwards content externally.
Recommended actions: run the code in a sandbox or review/modify the scripts (remove/check hardcoded paths, add input validation, handle missing keys safely) before installing; test on a non-sensitive workspace; and prefer to keep any secrets out of the memory/ directory if you enable automated loading.
My confidence is medium — the odd hardcoded path and missing file are clear red flags but do not prove malicious intent on their own.
Like a lobster shell, security has layers — review code before you run it.
