Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Conversation Memory Sync
v1.0.0Automatically syncs and maintains detailed conversation logs and activity digests across agent sessions for persistent memory and context recall.
⭐ 0· 137·0 current·0 all-time
by@harvnk
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The description promises two Python scripts that auto-generate CONVERSATION_LOG.md and ACTIVITY_DIGEST.md, but the skill bundle contains no code files. That is a core mismatch: the claimed capability depends on scripts that aren't included. The declared requirements (no env vars, no binaries) don't acknowledge the need to obtain or trust external scripts.
Instruction Scope
The runtime instructions tell operators to write files into every agent workspace, add cron jobs that run every 30 minutes, and update each agent's SOUL.md/AGENTS.md so agents read the logs at startup. These actions modify other agents' behavior and require access to session transcript files (~/.openclaw/agents/*/sessions/*.jsonl). Instructions also claim to capture all user↔agent messages (Telegram, Discord, etc.). The SKILL.md does not show how sensitive data is filtered, protected, or transmitted — or where to get the missing scripts — granting broad, persistent access to conversation data.
Install Mechanism
This is instruction-only and has no install spec — lowest risk from automatic code download. However, because it depends on external Python scripts that are not bundled, the operator would need to obtain them from elsewhere, which introduces manual-install risk not covered here.
Credentials
No environment variables, credentials, or special binaries are requested, which aligns with a logging/formatting task. However, the instructions reference reading OpenClaw session files at ~/.openclaw/agents/*/sessions/*.jsonl and writing per-agent CONVERSATION_LOG.md and SOUL.md changes; that implies access to potentially sensitive files and agent config, which should be explicitly acknowledged and justified.
Persistence & Privilege
The skill recommends adding cron jobs and editing each agent's SOUL.md/AGENTS.md to make agents always read the produced logs at session start. While always:false (not force-installed), these recommended changes give the skill lasting influence over agent behavior across sessions and agents. The skill asks operators to make system-wide or multi-agent configuration changes without providing the actual scripts or safeguards.
What to consider before installing
Do not install or deploy this as-is. The SKILL.md promises two Python scripts but none are included — you would need to obtain those scripts from an external source before anything runs. Before proceeding, ask the publisher for the exact script sources and review their code for data exfiltration, network calls, and unsafe file handling. Consider these specific checks: 1) Inspect the scripts for any network transmission (HTTP, SMTP, etc.) or secret-reading behavior; 2) Verify filtering and redaction of sensitive content (credentials, PII) before logs are written; 3) Avoid blindly editing SOUL.md/AGENTS.md for all agents — prefer a limited pilot and explicit opt-in per agent; 4) Run the scripts in a sandboxed account with strict file permissions and no outbound network when first testing; 5) Prefer encrypted, access-controlled storage for logs and set retention policies; 6) If you cannot obtain or audit the scripts, do not add the cron job or change agent start-up configs. These steps will reduce risk before trusting persistent conversation logs.Like a lobster shell, security has layers — review code before you run it.
latestvk97ab120nhhq20mm701nmwsbb5836xpb
License
MIT-0
Free to use, modify, and redistribute. No attribution required.