Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cortex

v4.0.0

Local-first agent memory with Ebbinghaus decay, hybrid search, and MCP tools. Import files, extract facts, search with BM25 + semantic, track confidence over...

by marquise @hurttlocker
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (local-first memory, single Go binary, SQLite) align with the provided wrapper and setup scripts. The setup downloads a Cortex binary from the stated GitHub repo and installs it to ~/bin, and the wrapper operates on workspace memory files — all coherent with a local memory tool. However, the SKILL.md advertises connectors (GitHub, Gmail, Drive, Slack, Notion, Discord, Telegram) and optional LLM integrations; those require credentials/authorization flows that are not declared in the skill metadata, which is a mismatch (the skill advertises remote connectors but does not declare or request any credentials).
Instruction Scope
The runtime instructions and scripts direct the agent to read and import local workspace files (MEMORY.md, memory/), which is expected for a memory tool. They also instruct use of 'connect sync' for external providers and show automated sync scheduling (launchd/systemd). Those connector operations imply transmission of user data to external services and require credentials/configs that are not declared; the instructions therefore broaden scope to include external data flows and scheduled background syncs that are not fully documented in the metadata.
Install Mechanism
Installation is a simple download of a release binary from GitHub releases (expected for a single-binary Go project). The setup script writes the binary to $HOME/bin and optionally appends PATH changes to shell rc files. There is no checksum/signature verification of the downloaded binary in the script (moderate risk). Downloading from GitHub releases is a common pattern but missing verification should be considered.
Credentials
The skill declares no required environment variables or credentials, which matches the included scripts that run locally. However, SKILL.md documents connectors and optional LLM embedding providers (ollama, OpenAI, etc.) that will need API keys/tokens or local services; those secrets are not declared or explained. This mismatch (advertised external integrations vs. zero declared credentials) reduces transparency and could lead users to provide credentials later without clear upfront guidance.
Persistence & Privilege
The scripts persist state to $HOME/.cortex/cortex.db and install a binary into $HOME/bin; setup optionally appends PATH changes to ~/.zshrc or ~/.bashrc. The SKILL.md also suggests installing scheduled syncs (launchd/systemd) which could create background tasks. The skill does not request 'always: true' and does not attempt to modify other skills, but it can add files to user shell RC and create scheduled jobs — expected for a CLI tool but worth noting.
What to consider before installing
- The scripts download a prebuilt binary from the project's GitHub releases and install it to ~/bin; the installer does not verify signatures or checksums. Prefer verifying the release checksum or building from source if you need higher assurance.
- The tool reads and imports local files (MEMORY.md, memory/). That is expected, but it means your personal notes and agent memory will be read and stored in ~/.cortex/cortex.db. Make a backup if the DB contains sensitive data.
- The SKILL.md advertises connectors (Gmail, Drive, Slack, Notion, etc.) and optional LLMs. Those integrations will require provider credentials and will transmit data to external services; the skill metadata does not declare or document the required secrets. Review connector behavior and permission scopes before enabling sync.
- The setup may append PATH changes to your shell rc and the project may install scheduled syncs (launchd/systemd) if you use the schedule/install option — expect persistent background activity. Inspect any scheduled-install commands before running them.
- The wrapper's 'reimport' command removes the DB file without interactive confirmation — it is destructive for stored memory. Use with caution and keep backups.

If you decide to proceed: verify the GitHub release (or build from source), review the binary's release notes and checksums, run the setup in a limited environment first (or container), and only enable connectors after reviewing the exact auth/permission flows.

Like a lobster shell, security has layers — review code before you run it.


Runtime requirements

🧠 Clawdis