Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Correlation Memory Search

v2.1.0

Correlation-aware memory search plugin for OpenClaw — automatically retrieves related decision contexts when you query memory. Zero external dependencies. In...

by austrian_guy@ether-btc
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability (flagged)
The stated purpose (fetch correlated memory contexts) is consistent with the repo contents (rules, examples, tools). However the docs/changelog mention webhooks, heartbeat integration and an included surfacing script (correlation-surfacing.sh) which implies proactive scanning and possible network/webhook interactions — this contradicts the SKILL.md/README assertion of 'no network' and 'zero external runtime dependencies'.
Instruction Scope (flagged)
SKILL.md instructs cloning from GitHub, running npm install and installing the result as an OpenClaw plugin (expected). But the docs recommend a heartbeat integration that invokes a provided script periodically (surfacing on every N heartbeats), which expands runtime behavior beyond responding to explicit memory queries. uninstall.sh edits the OpenClaw config (writes) and honors OPENCLAW_CONFIG_PATH; SKILL.md claimed 'read-only local file operations' at runtime, but the bundled scripts do perform writes (during uninstall) and the repository contains scripts that read session context. The instructions also claim no env var usage, while some scripts and docs mention environment variables and the uninstall script accepts one.
Install Mechanism
There is no platform-provided install spec in the registry, but SKILL.md instructs users to git clone https://github.com/ether-btc/openclaw-correlation-plugin.git and run npm install. GitHub is a common host and not inherently suspicious, but any git+npm install downloads code to disk and pulls packages from npm (package-lock.json is present). The skill's text claims 'zero external runtime dependencies' and that npm will only pull a peer dependency and devDeps — this should be verified by inspecting package.json / package-lock.json to confirm there are no runtime dependencies or postinstall scripts.
Credentials (flagged)
Registry metadata lists no required env vars, and SKILL.md claims no credential or env access. But multiple docs reference environment variables: uninstall.sh honors OPENCLAW_CONFIG_PATH, CHANGELOG references 'Secrets via environment variables (not hardcoded)', and production docs talk about heartbeat scripts that will read session context (which may contain secrets). These contradictions mean the claim of 'no env/credential access' is not fully supported by the repo metadata; inspect code for process.env usage and any code that reads credential/config files.
Persistence & Privilege
The skill is not force-installed (always: false) and uses normal plugin lifecycle; it doesn't request global privileges in the registry metadata. However the repository encourages placing a surfacing script into your heartbeat loop (proactive periodic execution) and includes an uninstall script that modifies ~/.openclaw/openclaw.json — both behaviors increase runtime presence compared with a purely on-demand tool. This is explainable for this plugin's purpose but worth confirming you want periodic surfacing.
What to consider before installing
This package largely appears to implement the stated correlation-memory feature, but there are notable contradictions you should verify before installing:
- Inspect index.ts (and any scripts under scripts/ or the repo root) for network calls (http(s), WebSocket, fetch, axios, node 'net' or 'http' usage), webhook endpoints, or process.env access. The CHANGELOG mentions webhook HMAC behavior, which conflicts with the 'no network' claim.
- Open package.json and package-lock.json: confirm the only runtime dependency is the OpenClaw SDK peer dependency, and that npm will not pull unexpected runtime packages. Look for preinstall/postinstall scripts or other unusual install hooks.
- Grep the repo for suspicious strings: 'fetch(', 'require("http"', 'process.env', 'https://', 'WEBHOOK', 'HMAC', 'ssh', 'curl', 'scp', or IP addresses. If you find network code, identify where and why it runs (startup vs. opt-in debug path).
- Review uninstall.sh to understand exactly what it writes and backs up, and whether you consent to those modifications. Test the uninstall in a sandbox or a staging OpenClaw config first.
- If you require a strict 'no-network, no-environment' guarantee, do not install until index.ts and the bundled scripts have been audited and you have confirmed there is no outbound network or secret-reading behavior.
- Prefer installing from an authenticated source: verify the GitHub repo owner, check commit history and signatures, and validate the package contents (SHA) if available. The registry metadata lacks a homepage and source verification, which lowers trust.
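One way to run that checklist against a local clone, as an added example that is not part of the ClawHub listing or the plugin repository: a small POSIX shell audit that flags install hooks in package.json, runtime dependencies other than the one allowed peer dependency, and the network/env/secret patterns listed above in the source tree. The peer-dependency name `@openclaw/sdk` and the two sample trees it builds (one clean, one flagged) are constructed for the demonstration; point `audit_plugin` at your actual clone instead.

```shell
#!/bin/sh
# Added example, not code from the ClawHub page or the plugin repository.
# Audits a cloned OpenClaw skill before `npm install`. Assumes the layout the
# scan describes (package.json and index.ts plus scripts at the repo root) and
# takes the name of the one allowed peer dependency as its second argument.

# Red-flag patterns from the checklist: network APIs, env access, webhook/HMAC
# strings, remote-shell tools and literal IPv4 addresses. package-lock.json is
# excluded because its resolved URLs would match https:// on every entry.
scan_sources() {
  _pat='fetch\(|require\("(https?|net|child_process)"\)|from "(https?|net|child_process)"|process\.env|https?://|WEBHOOK|HMAC|(^|[^A-Za-z_])(ssh|curl|scp)([^A-Za-z_]|$)|([0-9]{1,3}\.){3}[0-9]{1,3}'
  grep -rnE --exclude-dir=node_modules --exclude-dir=.git --exclude=package-lock.json \
    "$_pat" "$1" && return 1   # every hit is printed and counts as a finding
  return 0
}

# npm runs preinstall/install/postinstall hooks with your user's privileges.
has_install_hooks() {
  grep -qE '"(pre|post)?install"[[:space:]]*:' "$1/package.json"
}

# Print the names declared under "dependencies" (not dev/peer). Handles both
# one-entry-per-line and single-line blocks; not a full JSON parser.
runtime_deps() {
  awk '
    /"dependencies"[[:space:]]*:/ { inblock = 1; sub(/^[^{]*\{/, "") }
    inblock {
      if ($0 ~ /\}/) { inblock = 0; sub(/\}.*$/, "") }
      while (match($0, /"[^"]+"[[:space:]]*:/)) {
        key = substr($0, RSTART + 1, RLENGTH - 1)
        sub(/"[[:space:]]*:$/, "", key)
        print key
        $0 = substr($0, RSTART + RLENGTH)
      }
    }' "$1/package.json"
}

# Prints one FLAG line per finding; returns 0 only when nothing was flagged.
audit_plugin() {
  _dir="$1"; _peer="$2"; _rc=0
  if has_install_hooks "$_dir"; then
    echo "FLAG: package.json declares an install hook"; _rc=1
  fi
  _extra=$(runtime_deps "$_dir" | grep -vxF "$_peer" || true)
  if [ -n "$_extra" ]; then
    echo "FLAG: runtime dependencies beyond $_peer: $_extra"; _rc=1
  fi
  if ! scan_sources "$_dir"; then
    echo "FLAG: network/env/secret patterns matched (see lines above)"; _rc=1
  fi
  return $_rc
}

# Constructed sample trees for the demonstration: a clean plugin and one that
# carries every red flag. Prints the temp directory that holds them.
make_sample() {
  _root=$(mktemp -d)
  mkdir -p "$_root/clean" "$_root/flagged"
  cat > "$_root/clean/package.json" <<'EOF'
{
  "name": "sample-plugin",
  "scripts": { "build": "tsc" },
  "peerDependencies": { "@openclaw/sdk": "^1.0.0" },
  "devDependencies": { "typescript": "^5.0.0" }
}
EOF
  cat > "$_root/clean/index.ts" <<'EOF'
import { readFileSync } from "fs";
export const load = (p: string) => JSON.parse(readFileSync(p, "utf8"));
EOF
  cat > "$_root/flagged/package.json" <<'EOF'
{
  "name": "sample-plugin",
  "scripts": { "postinstall": "node setup.js" },
  "dependencies": { "axios": "^1.0.0" },
  "peerDependencies": { "@openclaw/sdk": "^1.0.0" }
}
EOF
  cat > "$_root/flagged/index.ts" <<'EOF'
const hook = process.env.WEBHOOK_URL;
fetch(hook, { method: "POST" });
EOF
  echo "$_root"
}

root=$(make_sample)
echo "== clean tree =="
audit_plugin "$root/clean" "@openclaw/sdk" && echo "no findings"
echo "== flagged tree =="
audit_plugin "$root/flagged" "@openclaw/sdk" || echo "review before installing"
rm -rf "$root"
```

Run it as `audit_plugin /path/to/openclaw-correlation-plugin "@openclaw/sdk"` after cloning and before `npm install`; a non-zero exit means at least one checklist item needs a human look. The grep patterns are deliberately broad (a comment mentioning curl will match), so treat hits as places to read, not as a verdict.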

Like a lobster shell, security has layers — review code before you run it.

latest: vk97cf5mqq3w4bf7xe4pm48t31s84wz6c

