ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw Local Memory

v0.4.2

Brain-like local memory plugin for OpenClaw — stores, searches, and injects memories with importance scoring, entity extraction, and automatic consolidation.

0· 124·1 current·1 all-time
by@flexrox
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the implementation: a local memory plugin using TF-IDF/tokenization, entity extraction and scoring, storing data under ~/.openclaw/memory/<containerTag>.json. The code uses only Node built-ins (fs, path, os, crypto) and no external services, which aligns with the 'zero-config / 100% local' claim.
!
Instruction Scope
The runtime instructions and code register hooks to auto-capture user/assistant exchanges (api.on 'before_agent_start' and 'agent_end') and to auto-inject memories (autoRecall). Significance detection explicitly flags credential-like patterns (api_key, password, token) and will capture them if they cross the significance threshold. Captured data is written to disk in plaintext; the code does not show encryption or an opt-out for credential categories beyond configurable minSignificanceScore/autoCapture. This behavior is coherent with the purpose but has privacy implications (sensitive strings may be persisted).
Install Mechanism
There is no install spec; this is effectively an instruction+source bundle. package.json shows only peer dependency on openclaw and no external package installs. No downloads or third-party registries are used.
Credentials
The skill requests no environment variables, no credentials, and no special config paths beyond its own home-dir JSON file. That is proportionate to a local memory plugin. Note: although it does not require credentials, it will scan and may persist credential-like strings from conversation content.
Persistence & Privilege
always:false and no elevated system modifications are requested. However, autoCapture and autoRecall default to true and disable-model-invocation is false, so the skill can autonomously capture and inject memories during normal agent runs — increasing privacy blast radius compared with a purely on-demand tool. Data is long-lived in the user's home directory (~/.openclaw/memory/<container>.json). The plugin sanitizes the containerTag to avoid path traversal.
Assessment
This plugin is coherent with its stated purpose and does not phone home, but it will automatically store conversation content to a JSON file in your home directory by default (and its significance detection will treat strings like api_key/password/token as worth saving). Before installing or enabling it, consider: 1) If you have sensitive info (passwords, API keys, PII), disable autoCapture (set autoCapture=false) or increase minSignificanceScore so fewer things are persisted. 2) If you must store memories, use a custom containerTag and restrict file permissions on ~/.openclaw/memory/*.json; back up/encrypt those files if needed. 3) Use local_memory_forget / local_memory_wipe to remove unwanted entries and test wiping behavior. 4) Because the skill can run autonomously and inject memories into prompts, audit what gets injected (profileFrequency, maxMemoryInjections, contextBudget) to avoid leaking sensitive context into model prompts. 5) Source/homepage are absent — you may want to review the included source code (present in the package) or only install from a trusted publisher. If you want tighter guarantees, request encryption-at-rest or opt-in-only capture from the author before using with sensitive conversations.
!
lib/store.ts:17
File read combined with network send (possible exfiltration).
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

latestvk977c764113axw85s19ky50c1983wgge

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments