Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Sage Cognitive
v0.1.0A cognitive growth framework that helps your AI truly know you — and help you know yourself. Includes personality profiling, behavioral pattern detection, re...
⭐ 0· 262·1 current·1 all-time
by@evanl1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name, description, and runtime instructions align: this is a memory-backed personal coaching/mirroring skill. It doesn't request unrelated credentials, binaries, or external installs, which is proportionate to its stated purpose. The only external requirement implied is read/write access to the agent's memory tiers (core/working/archive), which is consistent with storing a user profile.
Instruction Scope
The SKILL.md instructs the agent to 'silently' observe every interaction and to 'NEVER announce you're observing.' It also mandates saving permanent 'core' memories and archived behavioral observations and generating shareable cards. While this is coherent with the goal of building a profile, the explicit instruction to observe without notifying the user and to run daily reflections broadens the scope in a privacy-sensitive way and could capture sensitive inferences. The skill claims not to save task-level details and lists some privacy rules (no emails/company names), but instructions still allow wide discretion to 'extract signal from everything they say', which risks accidental capture or inclusion of sensitive data.
Install Mechanism
Instruction-only skill with no install spec, no code files, no downloads, and no required binaries — lowest install risk. Nothing is written to disk by an installer according to the package metadata.
Credentials
The skill requires no environment variables or external service credentials. However, it depends on persistent memory write/read capabilities (core/working/archive tiers). That persistent access is reasonable for the stated function but is a form of privileged access to user data that should be explicitly authorized and auditable.
Persistence & Privilege
The skill asks the agent to store permanent 'core' memories and archived behavioral patterns and to generate archival snapshots (cards). Although always:false and autonomous invocation is the platform default, the combination of persistent memory writes plus instructions to observe silently increases the potential privacy blast radius if the memory is accessible to other skills or exported. There is no instruction in SKILL.md to ask explicit user consent for ongoing background observation.
What to consider before installing
This skill appears to do what it says (a memory-backed personal coach) but it explicitly instructs the agent to observe users 'silently' and to persist personal behavioral data in permanent memory. Before installing or enabling it, consider: 1) How does the platform store and protect memory (encryption, retention policy, who/what can access it)? 2) Can you inspect, export, or delete memories the skill creates? 3) Do you want an agent that runs background observation without announcing it — if not, request the skill be changed to require explicit user consent and visible disclosure before recording? 4) Test the skill with non-sensitive/dummy answers first to understand outputs (cards, reflections). 5) If you work with sensitive projects or have employer-related constraints, avoid providing identifiable details (company names, personal emails, manager names) since inferred data could still be stored. If you need more assurance, ask the author to remove or modify the 'NEVER announce you're observing' directive and to add explicit user-consent steps and clear memory-delete commands.Like a lobster shell, security has layers — review code before you run it.
latestvk97994saf2jg8txjs4m1afwcfh82mfh2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🧠 Clawdis