ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Temporal Knowledge Graph Synthesizer

v0.1.0

Actively parses daily session logs and unstructured memory files to extract entities, temporal data, and relationships into a structured Knowledge Graph.

0· 67·0 current·0 all-time
byThe Mooorish@elmoorish
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code reads ~/.openclaw/workspace/memory/*.md and writes entity files to ~/.openclaw/workspace/memory/entities, which matches the stated goal of synthesizing entity graphs. However, the description promises temporal data and relationship extraction while the script only extracts entities and mention counts; relationship handling and temporal analysis are not implemented. The dependency on networkx (for graphs/relationships) is declared but unused.
Instruction Scope
SKILL.md instructs running the bundled scripts and to use the generated entity markdown files. The script performs file I/O on the user's memory directory (reads all daily logs and writes entity files). This is consistent with the skill's purpose but is broad in scope (it will process all memory files in that directory). The cron_setup.sh registers an automated daily job (via 'openclaw cron add') to run the parsing; that enables background processing of private memory if the cron is installed.
Install Mechanism
No external archive downloads or obscure URLs are used. The SKILL.md requests pip installs (spacy, networkx, pyyaml) and a spaCy model download. These are standard installs (network access required) and not inherently malicious, but installing spaCy and its model is heavyweight and will fetch code/data from the network.
Credentials
The skill does not request credentials or environment variables. It references OPENCLAW_SKILL_DIR and operates on the user's workspace memory directory, which is appropriate for its function.
Persistence & Privilege
The skill is not force-included (always: false) nor requesting elevated system privileges. However, the included cron_setup.sh enables persistent background processing via the OpenClaw cron system if the user runs it, which increases autonomy and ongoing access to memory files. The skill does not modify other skills' configurations.
What to consider before installing
Before installing or enabling this skill: (1) review and confirm you are comfortable with a background job reading all files in ~/.openclaw/workspace/memory and writing entity files to that same workspace; (2) note that the code does not actually implement relationship or temporal extraction despite the description—expect only basic entity extraction and mention counting unless you extend the script; (3) the SKILL.md will install spaCy and download its language model (network activity and significant disk usage); (4) if you do not want continuous background parsing, do not run cron_setup.sh (or inspect/modify it first); (5) consider running the script in an isolated environment and back up your memory directory before first run, and inspect the generated ~/.openclaw/workspace/memory/entities/* files for sensitive content exposure.

Like a lobster shell, security has layers — review code before you run it.

latestvk973n3fcq7emjr3zd0dckp7m6183c9g2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython

Comments