Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

MemPalace Memory System for OpenClaw

v1.6.0

MemPalace memory system for OpenClaw/XClaw/WorkBuddy. Archive AI conversations to local long-term storage with semantic search. Commands: /mem-arc (archive),...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (local archive + semantic search) aligns with code: bundled mempalace source, mining, chunking, and ChromaDB-based search are present. However the SKILL.md repeatedly states "all paths are relative to the skill directory / no user paths exposed," while the packaged code falls back to writing/reading ~/.mempalace and other home paths unless MEMPALACE_SKILL_ROOT or related env vars are set. That mismatch is a meaningful inconsistency.
Instruction Scope
Runtime instructions tell the agent to install the bundled package locally and third-party deps, create palace_data, and run mempalace mine, which recursively scans directories and indexes many file types (py/json/md/yaml, etc.). The miner can thus read arbitrary files in the supplied directories. SKILL.md warns the user to avoid sensitive files, but the ability to index broad paths (and the code defaulting to home directories) expands scope beyond a narrow 'archive current conversation' task.
Install Mechanism
There is no registry install spec, but SKILL.md instructs runtime pip operations: `pip install -e ./mempalace` (local editable install) and `pip install chromadb pyyaml` (from PyPI). This will modify the Python environment unless the user runs a venv. Installing ChromaDB from PyPI is expected for the stated functionality but it's an action that changes system state and pulls third-party packages.
Credentials
The registry declares no required env/credentials, which is consistent at a glance. But the code reads/writes several env vars (MEMPALACE_PALACE_PATH, MEMP_PALACE_PATH, MEMPALACE_SKILL_ROOT) and will default to ~/.mempalace if a skill-root marker isn't present. Entity registry, config, and index files are written under home by default. That divergence between 'no env needed / local-only' and actual defaults that touch the user's home directory is disproportionate and worth noting.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. SKILL.md mentions OpenClaw's cron to auto-archive daily (runtime scheduling). The codebase includes an mcp_server.py and shell/PowerShell hooks; those files suggest potential extra runtime capabilities (local server, hook scripts) that could increase the blast radius if enabled — review those files before allowing autonomous runs or cron scheduling.
What to consider before installing
This skill appears to implement a usable local memory/archive system, but it is not a zero-risk drop-in. Before installing:
1) Run it inside a Python virtual environment (venv) so pip installs don't modify your system Python.
2) Set MEMPALACE_SKILL_ROOT to the skill directory (or MEMPALACE_PALACE_PATH) to force data to stay under the skill folder — otherwise defaults will write to ~/.mempalace.
3) Inspect the omitted/large files (mcp_server.py, the shell and PowerShell hooks) to confirm there is no unwanted network listener or extra commands executed.
4) Do not point the miner at wide or root-level folders — only pass the specific conversation/memory directory you want archived to avoid indexing sensitive files.
5) If you are uncomfortable with automatic cron scheduling, decline or disable auto-archive until you verify behavior.
Additional information that would raise confidence: confirmation that mcp_server is disabled by default and the full contents of the hook scripts; otherwise treat this package as functionally coherent but operationally risky.
