ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Chaos Mind

v0.1.3

Hybrid search memory system for AI agents. Manual search and storage - auto-capture is opt-in only.

2· 1.8k·2 current·4 all-time
by@hargabyte
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (local hybrid memory, opt‑in auto‑capture) aligns with the code and config: it installs local binaries, a Dolt DB, and an optional consolidator that reads configured files. However some documentation (DEPLOYMENT_CHECKLIST, INSTALL_NOTES, README) lists default auto-capture glob patterns that target OpenClaw/agent session files; the shipped consolidator.template.yaml has sources empty by default. This mismatch could cause confusion: the ability to read agent session transcripts is coherent with the skill, but the presence of example default patterns in other docs increases privacy risk if a user enables auto-capture without reviewing config.
!
Instruction Scope
SKILL.md and other docs repeatedly instruct users to edit ~/.chaos/config/consolidator.yaml and to enable auto_capture only after configuring paths; that keeps scope narrow. But other files (DEPLOYMENT_CHECKLIST, INSTALL_NOTES, some release docs) present default example globs that reference other agents' session directories (e.g., ~/.openclaw-*/agents/*/sessions/*.jsonl). If a user enables auto-capture and reuses these examples, the consolidator will read potentially sensitive session transcripts. Also the README/INSTALL_NOTES explicitly suggest 'curl ... | bash' as an install path (remote execution) while SECURITY.md claims 'No Automatic Remote Script Execution' — that contradiction widens runtime scope and is a red flag.
!
Install Mechanism
The installer downloads pre-built tarballs from GitHub Releases (reasonable host) and falls back to building from source (git + go). Downloading from GitHub releases is acceptable, but the install.sh does not perform checksum or signature verification despite SECURITY.md claiming signed/reproducible releases and checksums are provided. Moreover, README/INSTALL_NOTES recommend curl | bash for quick install — a practice that can execute remote code without verification. The fetch+extract behavior (tar -xzf into ~/.chaos/bin) is extract=true in effect and should be paired with verification; it isn't.
Credentials
The skill requests no credentials or special env vars; required system dependencies (Dolt, optionally Ollama) are proportional to a local DB + local LLM extraction workflow. That said, the consolidator's purpose is to read local session files; while opt‑in and configured via lists, those sources can contain highly sensitive data. No cloud keys are requested, which is good, but the risk is accidental data access if users copy example globs without understanding them.
Persistence & Privilege
The skill does not force always:true; however it ships a systemd service template and a setup script that installs a persistent consolidator service (requires sudo to copy to /etc/systemd). Running that service gives long‑running background access to any paths configured in the consolidator config. This persistence is consistent with the tool's purpose but increases blast radius if misconfigured. The installer does not auto-enable the service by default (user must run setup-service.sh / systemctl enable), which is appropriate.
What to consider before installing
What to check before installing: - Do NOT run remote installers blindly. Avoid piping install scripts (curl | bash) unless you have reviewed the script. Prefer cloning the repo and inspecting install.sh first. - Review install.sh: the script downloads GitHub release tarballs and extracts them to ~/.chaos/bin but does not verify checksums or signatures. If you want stronger assurance, build from source or verify release checksums from the project release page before installing. - Auto-capture is disabled by default, but double-check ~/.chaos/config/consolidator.yaml after install and ensure auto_capture.sources is empty or only contains paths you explicitly trust. Some docs include example globs that would harvest other agents' sessions — do not copy those unless you intend to process those files. - Installing the systemd service will make the consolidator persistent and run as your user; only enable the service if you have configured safe source paths and verified Ollama/Dolt are trustworthy. - The skill does not request remote credentials, which limits cloud exfiltration risk, but it does process local files (which can be sensitive). If you have sensitive session data, keep auto-capture disabled and/or restrict filesystem permissions for ~/.openclaw*/ and ~/.chaos/. - If you need higher assurance: audit the binaries (build from source), verify release artifacts on GitHub, and review SECURITY.md claims against the actual install.sh behavior (there are contradictions).

Like a lobster shell, security has layers — review code before you run it.

latestvk97cfgpjx1nnx6apmr972y7g0980nm1y

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis

Comments