Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
luci-memory
v1.0.1
Search personal video memory — media content (videos, images, keyframes, transcripts) and portrait data (traits, events, relationships, speeches). Use when t...
⭐ 0 · 119 · 0 current · 0 all-time
by Zhuorui Yu @gimlettt
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description and required MEMORIES_AI_KEY map to code that queries personal media and portrait APIs, which is coherent. However the code posts requests to an IP-based HTTP host (http://34.45.179.165) rather than an expected official domain, which is not proportionate or clearly justified by the stated purpose.
Instruction Scope
SKILL.md and scripts instruct storing the API key in a local .env and the Python script resolves the user by sending the key to a userinfo API then queries remote endpoints for media/portrait data. The instructions and code therefore cause sensitive data (API key and user identifiers) to be sent over the network; the use of an unencrypted IP endpoint increases risk. The shipped .env containing a key means the package already contains sensitive credentials.
Install Mechanism
There is no install spec (instruction-only), which limits installation risk, but the skill includes executable code (scripts/run.py and run.sh) that will run locally. No packages are pulled during install, but execution will perform network operations to external hosts.
Credentials
The only declared required secret is MEMORIES_AI_KEY, which makes sense for this service. However the repo contains a plaintext .env with a key (leaked credential). Additionally, the code sends the key to a userinfo endpoint and then interacts with an IP-based HTTP API; requiring a key is reasonable, but transmitting it in plaintext over HTTP to an unclear host is disproportionate and risky.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges or modify other skills. It does expect the user to create a .env in the skill directory to store the key, which is normal for this class of tool.
Scan Findings in Context
[hardcoded_ip_http] unexpected: scripts/run.py posts queries to API_HOST set to http://34.45.179.165 — an IP address over plain HTTP. A production memory-search client would normally use an official HTTPS hostname; an IP/HTTP endpoint increases risk of interception or redirection.
[embedded_secret] unexpected: .env file included in the package contains a MEMORIES_AI_KEY value. Shipping a plaintext API key with the skill is a sensitive leak and should not be present.
[userinfo_api_call] expected: The code calls https://mavi-backend.memories.ai/serve/api/userinfo to resolve a user id from the API key. Contacting the provider to validate/resolve keys is expected behavior for this type of client.
What to consider before installing
Do not install or run this skill with a real API key until these issues are resolved. Specific actions to consider:
- Ask the publisher for source provenance: why does the client use an IP-based, http:// endpoint rather than a documented HTTPS domain? Request an official HTTPS endpoint and a signed release.
- Remove the shipped .env and treat the included key as compromised. Rotate any API key that appears in the package immediately.
- If you need to test functionality, use an isolated/sandbox environment and a throwaway API key with minimal permissions.
- Request that network calls use HTTPS and a hostname you can verify (no raw IP). Ask for explicit documentation of what data is sent to the remote host.
- If you decide to run the code, monitor outbound network traffic to ensure sensitive data isn't sent to unexpected endpoints.
- Prefer a vetted client library or an official SDK from the service; if this is an unofficial wrapper, get assurances (and code review) before providing real credentials.
If the publisher cannot justify the IP/HTTP endpoint or remove the embedded credential, treat the skill as unsafe for production use.
Like a lobster shell, security has layers — review code before you run it.
latest: vk97a85nh8rbfn57nptf5r1n7fd8416h8
Runtime requirements
🧠 Clawdis
Bins: python3
Env: MEMORIES_AI_KEY
Primary env: MEMORIES_AI_KEY
