ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Enhanced Memory

v1.0.0

An enhanced memory system for OpenClaw agents that replaces the default single-file MEMORY.md with a complete memory architecture: hierarchical directory org...

0· 382·1 current·1 all-time
by@fatcatmaofei
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the code: all scripts implement filesystem-based memory organization, tag search, retrieval, and lifecycle management. No network calls or unrelated binaries/credentials are requested.
!
Instruction Scope
SKILL.md instructs the agent and operator to read/write/manage a memory directory and to run the included scripts. The scripts access and modify files on disk (archive, copy, delete original), which is expected, but the instructions are permissive about file locations and cron setup and do not tell users to verify or adapt hard-coded paths.
Install Mechanism
Instruction-only with bundled Python scripts (no external installs, no network downloads). Risk from installation is low, but runtime writes/reads are the main surface.
!
Credentials
No env vars or credentials required (good), but scripts use a hard-coded absolute path (MEMORY_BASE = /home/clawdbot/.openclaw/workspace/memory) in two scripts while the tag search script uses a relative ./memory path next to the script — this inconsistency could cause scripts to operate on different directories or unexpectedly access a host user's home directory.
Persistence & Privilege
Skill does not request always: true and does not modify other skills. However, it will read, copy, and remove files under the memory directory (file_path.unlink()), so it requires filesystem read/write/delete privilege over whatever memory path is used. That is normal for a memory manager but you should confirm the path and permissions.
What to consider before installing
This skill is coherent with its stated goal, but review and adapt before installing: 1) Fix the MEMORY path mismatch — memory_lifecycle_manager.py and memory_retrieval_strategy.py use /home/clawdbot/.openclaw/workspace/memory while memory_tag_search.py looks in a relative scripts/memory directory; decide which path is correct and update scripts to the same, configurable location. 2) Verify permissions and owner of the chosen memory directory — these scripts will read, copy, and remove (unlink) files in that directory; run them in a safe/test workspace first. 3) Note the lifecycle script copies files to archived/ then deletes the original from active dirs (so active copies are removed) — if you truly need originals preserved in-place, change the behavior. 4) Search the code for any absolute paths or name lists you don't expect (the retrieval regexes include many personal name patterns) and adjust. 5) Run the scripts locally in a sandbox or with a backup of your memory files before enabling cron or automated runs. If you want a more confident recommendation, provide the host environment layout (where your agent stores memory) so I can check exact path compatibility and a short sample of your memory directory structure.

Like a lobster shell, security has layers — review code before you run it.

latestvk974jgt966g5vqc9w8kqqqvxt981tw3h

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments