Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
Name/description, required binary (python3), and included scripts align with a local backup/key‑point extraction tool. The files operate on ~/.openclaw/workspace which is appropriate for the stated purpose. Minor mismatch: README/SKILL.md claim the skill 'generates Feishu notification' and writes logs, but the code does not implement a network notification — it only prints output to stdout.
Instruction Scope
SKILL.md and README repeatedly claim 'no subprocess/system commands' and 'no network requests', but wrapper.py uses subprocess.run to invoke the Python script (this is a system call). The documentation references a log file path (/root/.openclaw/workspace/scripts/memory_backup.log) and generation of a Feishu notification file, yet memory_backup.py does not write a notification file or a log to that path. These inconsistencies broaden the agent's allowed behavior compared to what's promised in the docs.
Install Mechanism
No install spec; code is shipped with the skill and requires only python3. No downloads or archives are fetched at install time, which is low-risk.
Credentials
The skill requests no environment variables or external credentials. File operations are confined to a single workspace path (~/.openclaw/workspace). This is proportionate to the stated function.
Persistence & Privilege
The always flag is false, and the skill does not request persistent elevated privileges or modify other skill configurations. It is user-invocable and can be scheduled externally via cron, which is appropriate for a scheduled backup utility.
Scan Findings in Context
[SUBPROCESS_USAGE] unexpected: wrapper.py uses subprocess.run to invoke the bundled Python script. It's not inherently malicious, but SKILL.md and the README explicitly claim 'no system commands/subprocess', so the presence of subprocess is an inconsistency that should be clarified.
[MISSING_NOTIFICATION_OR_LOG_IMPLEMENTATION] unexpected: Documentation and SKILL.md state a Feishu notification file is generated and reference a log file path, but memory_backup.py contains no code that writes a separate notification file or the referenced log; this mismatch may be accidental or indicate stale/incorrect docs.
What to consider before installing
This skill appears to implement local backup and simple key‑point extraction as advertised, but there are mismatches between its documentation and code. Before installing or enabling it:
1) Review wrapper.py’s use of subprocess.run — if you prefer no subprocess usage, consider replacing the wrapper with a direct import and call to memory_backup.main(), or run memory_backup.py directly.
2) Verify that no network/networking code exists (the shipped code is local-only) and ensure your environment policy prevents unexpected network egress.
3) Be aware that the README/SKILL.md mention logs and a Feishu notification file that are not implemented; if you rely on those features, update the code.
4) Test the script in an isolated environment (container or VM) with representative workspace files and check that backups and MEMORY.md are written only under ~/.openclaw/workspace.
5) If you need stronger guarantees, run static analysis or have someone audit the code; if anything seems unclear (why subprocess is used, where notifications/logs should be written), ask the author for clarification or correct the wrapper to avoid subprocess usage.
Like a lobster shell, security has layers — review code before you run it.
latest · vk97f9vckja8pze0rc019jtvsan82ywcz
Runtime requirements
Bins: python3
