ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Memory Dna V5

v5.1.3

Agent Memory DNA v5.1 - 确定性记忆 + 世界模型 (语义体素/影子模式/MRS审计)

0· 80·0 current·0 all-time
by@groaries
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (deterministic agent memory) align with the included Python modules (node manager, graph engine, voxel engine, contract router, CLI). Functionality requested (local data storage under a data/ directory, deterministic graph retrieval) is consistent with purpose.
Instruction Scope
SKILL.md shows how to import and run the included Python modules and the CLI; instructions operate on local repo data directories and do not ask for unrelated system files or credentials. However several referenced modules (genome_core, event_logger, auto_maintenance) are present only partially or truncated in the supplied manifest, so the full runtime behavior cannot be confirmed.
Install Mechanism
No install spec is provided (files run as local Python scripts). That limits remote-install risk but means the code is executed directly from the skill bundle. The code conditionally imports third-party libs (tiktoken, networkx) but falls back safely; no external download URLs or installers are present.
Credentials
The skill requests no environment variables or credentials and primarily reads/writes under a local data/ directory. There are no obvious requests for unrelated secrets or config paths.
Persistence & Privilege
always is false and the skill does not request elevated platform privileges. It writes local state into a data/ folder (nodes/, edges/, contracts/), which is expected for a memory system; this is persistent storage but scoped to the skill's data directory.
What to consider before installing
This package appears to implement the described deterministic agent memory system and does not request credentials or network access in the shown code. However: 1) Several referenced files were truncated/omitted in the bundle—those could contain network calls, telemetry, or code execution paths. 2) The skill will write and read local files under a data/ directory (nodes/, edges/, contracts/), so run it in a sandbox or a controlled directory first. 3) Inspect any omitted files (genome_core, event_logger, auto_maintenance, and the remaining truncated files) for outbound network calls, subprocess execution, or hidden endpoints before using with sensitive data or live trading. 4) If you plan to integrate with live systems (APIs, trading), require an explicit security review and consider running in an isolated environment.

Like a lobster shell, security has layers — review code before you run it.

agent-memoryvk97capvy6b6j4kq95ty25yj9pn84gyphcangjie-protocolvk97capvy6b6j4kq95ty25yj9pn84gyphcopawvk97capvy6b6j4kq95ty25yj9pn84gyphlangchainvk97capvy6b6j4kq95ty25yj9pn84gyphlatestvk97dahnpjh1azj42agvjn57czd84jmbememory-systemvk97capvy6b6j4kq95ty25yj9pn84gyphzero-hallucinationvk97capvy6b6j4kq95ty25yj9pn84gyph

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments