Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Triple Memory Lake
v1.1.0Quad-layer memory system integration - unifies OpenClaw, Claude Code, and self-improving agent memories into a single knowledge lake
⭐ 0· 32·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Overall purpose (unify Claude Code and self-improving agent data into a memory lake and mine patterns) aligns with the included scripts. However: the skill is named 'Triple Memory Lake' while the description and SKILL.md describe a 'quad-layer' system (minor naming inconsistency). More importantly, SKILL.md and the directory layout advertise OpenClaw daily logs as a source (memory/sources/mine/), but there is no script that actually syncs OpenClaw daily logs — only self-improving metrics (~/.openclaw/agents/*/metrics.json) and Claude Code sessions (~/.claude/projects/*/sessions/*.jsonl) are implemented. This mismatch between claimed sources and implemented syncing is an incoherence the user should be aware of.
Instruction Scope
SKILL.md and the scripts instruct the agent to read and copy files from hidden user directories (~/.claude and ~/.openclaw) into the skill's own memory/ directory. That is coherent with the stated purpose, but it is privacy-sensitive: user conversations, session logs, and agent metrics may contain secrets or PII and will be duplicated inside the skill workspace. The SKILL.md cp examples and the sync scripts do not filter or redact sensitive fields before copying.
Install Mechanism
Instruction-only with included Python scripts; there is no installer or external download. No network endpoints, package installs, or archive extraction are used. This is low-risk from an installation supply-chain perspective.
Credentials
The skill requests no environment variables or credentials which is proportionate. However, it accesses user-local files under the home directory (~/.claude and ~/.openclaw). While those accesses are relevant to the skill's goal, they are effectively privileged because they duplicate user-private data into the skill folder; the skill does not declare or warn about this in its metadata.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It runs as user-invocable and can be invoked autonomously by agents per platform defaults; combine that with the file-access behavior when deciding whether to allow autonomous runs.
What to consider before installing
This skill will copy files from your home directory (~/.claude and ~/.openclaw) into a local memory/ folder and then process them to extract patterns. Before installing or enabling autonomous execution: (1) Inspect the memory/ and scripts locally to see exactly what will be copied and generated. (2) Consider running the sync scripts manually in an isolated environment (or container) first to review outputs and ensure no secrets are being copied. (3) If you do want this behavior, restrict execution to manual invocation or audit the files to redact secrets; if you expect OpenClaw daily logs to be synced, note that the skill currently lacks a script for that and may not be doing what you expect. (4) If you are uncomfortable with duplicating potentially sensitive logs, do not enable autonomous invocation and consider removing or modifying the scripts to filter/redact sensitive fields before saving.Like a lobster shell, security has layers — review code before you run it.
latestvk97aam1vs7drp6t119bweapg2x842vcr
License
MIT-0
Free to use, modify, and redistribute. No attribution required.