ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Memory Management (PARA)

v1.0.0

Manage and maintain memory system using the Root + PARA hybrid architecture. Use when performing memory maintenance, distilling daily logs, and updating core...

0· 324·0 current·1 all-time
by@hugo-zhu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (memory distillation using Root+PARA) match the runtime instructions: the skill reads from ~/.openclaw/workspace/memory/, extracts items, and updates USER.md, SOUL.md, TOOLS.md, IDENTITY.md, PROJECTS.md, AREAS.md, RESOURCES.md and MEMORY.md. All requested actions are consistent with a local memory-management tool.
Instruction Scope
SKILL.md explicitly directs reading, merging, appending to archive files, and deleting processed raw logs in ~/.openclaw/workspace. These actions are in-scope, but deletion of originals is destructive — the SOP requires append-then-delete; users should understand this will modify and remove raw logs after processing.
Install Mechanism
No install spec and no code files — instruction-only skill. Nothing is downloaded or written to disk by an installer, minimizing install-time risk.
Credentials
The skill declares no environment variables, no credentials, and no external endpoints. It only requires local filesystem access to the OpenClaw workspace, which is proportionate to its function.
Persistence & Privilege
always is false (default). The skill can be invoked by the agent normally; it does not request permanent/global privileges or modify other skills. Autonomous invocation is platform default but not unusually privileged here.
Assessment
This skill is coherent for local memory maintenance but will read, update, archive, and delete files in ~/.openclaw/workspace. Before installing: (1) back up your workspace (especially raw memory/YYYY-MM-DD.md files), (2) run the skill in a dry-run or test workspace to confirm routing/merge behavior, (3) review and approve the SOP for deletion/archival semantics, and (4) consider restricting autonomous runs (use manual triggers or schedule with monitoring) if you need to review changes before originals are removed. There are no signs of external data exfiltration or unexpected credential requests in the provided files.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d3secm94btwc9whrqz7b7818255fs

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments