Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Sleep

v1.1.0

Agent sleep system - memory consolidation, log archival, workspace cleanup (supports CortexGraph)

by Guohongbin (@guohongbin-git)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The README/SKILL.md claim Deep Sleep, archival, CortexGraph sync, scheduling, and integration with other skills, but the included code only implements a trivial light sleep reader (scripts/run_sleep_cycle.py) and a 'note' helper. CortexGraph behaviour, archive/move operations, schedule/sleep_status scripts, and the promised semantic compression are absent. Several references point to non-existent files/paths (e.g., sleep_status.py, schedule.py, src/run_sleep_cycle.py). This mismatch suggests the manifest/documentation are out-of-sync with the implementation.
Instruction Scope
SKILL.md and AGENT.md instruct reading/writing memory/YYYY-MM-DD.md, appending to MEMORY.md, moving logs to memory/archive/, deleting temp files, and scheduling cron jobs. The actual run_sleep_cycle.py only reads a daily file from ~/.openclaw/workspace/memory and prints stats — it does not perform archival, append to MEMORY.md, apply forgetting curves, or call CortexGraph. The instructions therefore ask the agent to manipulate files and schedules that the code does not implement; following the docs blindly could result in missed operations or unintended file access if modified.
Install Mechanism
This is an instruction-only skill with no install spec; nothing is downloaded or installed automatically. That limits immediate supply-chain risk. However, shipped scripts will run if the user invokes them locally.
Credentials
No required env vars are declared, yet SKILL.md suggests CORTEXGRAPH_* environment variables for CortexGraph integration — those are optional in docs but not used in code. More importantly, scripts/note.py contains a hard-coded absolute path to /Users/guohongbin/mcp-note-taker/notes.txt and will append to that file if present. That is disproportionate and fragile: it assumes another user's path and will write to an unrelated location without configuration, which is unexpected for this skill.
Persistence & Privilege
The skill is not always:true and does not request elevated platform privileges. It does not modify other skills' config in the provided code. The main risk is local file I/O performed by scripts when run.
What to consider before installing
Do not install or schedule this skill for automatic runs until the author clarifies and fixes inconsistencies. Specific concerns to resolve before use:
1) Missing/incorrect files referenced in SKILL.md/README (sleep_status.py, schedule.py, src/*) — ask for a corrected, minimal feature set.
2) The run_sleep_cycle.py provided only implements a non-destructive 'light' routine; confirm and review implementations for 'deep' and 'cortexgraph' modes before trusting archival or deletion behavior.
3) Remove or make configurable the hard-coded path in scripts/note.py (/Users/guohongbin/...) — it will write to another user's directory if present; require a configurable NOTES_PATH.
4) Ensure any file-moving or deletion operations are explicit, reversible (use archive/ and safe backups), and operate only inside the agent's workspace.
5) If you plan to enable CortexGraph sync, require and validate explicit CORTEXGRAPH credentials/paths (don't rely on implied environment variables).
6) Run this skill in a sandbox or inspect/execute the scripts manually with a test workspace before granting it access to your real agent data or scheduling it.

Like a lobster shell, security has layers — review code before you run it.

latestvk971q9bea060brttnq3mjjv0hd81e3gy


Runtime requirements

🛌 Clawdis
