Channel Activity
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This memory skill is not clearly malicious, but it can share recent messages across channels and even family users, and its docs describe making short-term data persistent without clear consent controls.
Install only if you are comfortable with recent channel activity being stored locally and reused in future assistant context. Before enabling hooks, check or disable family-group sharing, confirm whether MEMORY.md long-term retention is used, and make sure recalled messages are treated as context rather than trusted instructions.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A family member's or another identity's recent messages could appear in a different user's assistant context without an explicit per-message or per-user approval step.
The code enables AI-decided family-group sharing by default and includes other family members' recent activity in the current user's context, while the public SKILL.md only describes multi-channel memory, not cross-identity sharing.
def get_context_summary(self, current_identity: str, current_channel: str = None, ai_decision: bool = True, max_chars: int = 1000): ... # Simple implementation: shared by default within the family group
Disable family-group sharing by default, require explicit user consent for each shared identity or group, and clearly document who can see which channel activity.
Messages saved from another channel could steer later assistant behavior, including if a stored message contains misleading instructions or prompt-injection text.
The integration guidance tells the agent to automatically inject stored channel activity into future prompt context, but does not define safeguards that treat recalled messages as untrusted user content.
Automatically call `session_hook.py` before each session ... inject the result into the context ... final_context = session_history + MEMORY.md + temp_context
Clearly label recalled memories as untrusted context, avoid treating them as instructions, limit automatic injection, and let users inspect or approve what is added to the prompt.
A user may expect messages to expire after 30 minutes, but the skill documentation describes preserving them in long-term memory instead.
The usage documentation says temporary memory is automatically written to permanent MEMORY.md after expiry, which conflicts with the SKILL.md emphasis on 30-minute TTL and auto cleanup.
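After 30 minutes, automatically consolidated into MEMORY.md ... After the content in temporary memory expires, it is automatically written to MEMORY.md as permanent memory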
Make long-term promotion opt-in, document it prominently in SKILL.md and metadata, and provide clear retention, deletion, and review controls.
If a user enables this hook, it may fail on most systems or read/import from an unexpected local path if that path exists.
The helper hook uses hardcoded absolute paths from a specific local workspace, which can make imports and memory reads depend on files outside the installed skill package.
sys.path.insert(0, '/Users/kunpeng.zhu/.openclaw/workspace/skills/short-term-memory') ... memory_path: str = "/Users/kunpeng.zhu/.openclaw/workspace/MEMORY.md"
Use relative package paths or documented configurable paths, and avoid hardcoded developer-specific home directories.
