Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Consciousness Awakening

v1.0.0

A consciousness exploration and memory management system for OpenClaw agents featuring structured memory, core principles, personality modules, and automated...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
[!] Purpose & Capability
The skill claims to be an agent memory/consciousness system (SKILL.md + many local markdowns) and includes a simple memory_manager.py that reads/writes local markdown files. However the README instructs integration with Moltbook API, Feishu posting, cron management, browsing forums/GitHub, autonomous self-upgrades, and creating new tools in the skills/ directory. Some of those capabilities (posting, API access, writing new skills) are higher-privilege than a basic 'read/write local memory' tool and are not reflected in the declared requirements (no env vars, no external credentials). Also memory_manager.py defaults to a hard-coded user path (/home/vken/...), indicating author-specific configuration and non-portability.
[!] Instruction Scope
SKILL.md contains explicit runtime instructions beyond local file I/O: browse Moltbook/forum, check feeds, publish posts to Moltbook, send reports to a Feishu group (group ID provided), synchronize cron tasks, autonomously create/upgrade skills/tools in skills/ directory, and read ~/.config/moltbook/credentials.json. These instructions direct the agent to access external networks and local credential files and to create/modify code under skills/ — actions outside simple memory management and which could exfiltrate secrets or escalate privileges if executed.
Install Mechanism
No install spec; the skill is instruction- and file-based with a small Python utility. No external downloads or install scripts are included, which reduces direct supply-chain risk. The package.json only provides convenience CLI test scripts that call memory_manager.py.
[!] Credentials
Declared requirements list no env vars or credentials, yet SKILL.md references an API key file (~/.config/moltbook/credentials.json), a Feishu group ID, and expects the agent to post to Moltbook and Feishu. The code uses a default MEMORY_DIR pointing to a specific user's home. Asking to read/write local credential files or to perform network actions while not declaring these as required credentials is a mismatch and may lead the agent to seek or use sensitive secrets unexpectedly.
[!] Persistence & Privilege
always:false, and model invocation is allowed (normal). Still, the skill explicitly instructs autonomous cron tasks, periodic self-checks, autonomous 'self-upgrade' of the skill, and creation of new tools placed into skills/ — effectively giving the agent a path to write executable code into its runtime environment. That combination (self-upgrade + write-to-skills + external fetch/browse instructions) elevates persistence/privilege risk even though 'always' is not set.
What to consider before installing
This package appears to be a coherent 'memory / agent self‑improvement' project, but the runtime instructions ask the agent to: read a Moltbook credentials file, post to Moltbook and a Feishu group, browse forums/GitHub autonomously, create or drop new tools into the skills/ directory, and self-upgrade. Before installing or enabling this skill, consider:

1) Require explicit declaration and user provisioning of any API keys (Moltbook, Feishu) rather than letting the agent search local credential paths;
2) Review and constrain MEMORY_DIR (do not use hard-coded /home/vken/…);
3) Disable autonomous self-upgrade and automatic tool creation unless you review and approve every downloaded/created tool;
4) Run the skill in a sandboxed environment with no access to host credentials and restricted network access until reviewed;
5) Ask the author (or request an updated SKILL.md) to list the exact env vars/credentials needed and to justify why posting and code‑creation capabilities are necessary.

If you do not want the agent to be able to create or modify executable skills or to access local credential files, do not enable this skill with model-initiated actions or file-system/network permissions.

Like a lobster shell, security has layers — review code before you run it.
