Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
The first official Unibase Membase skill: decentralized persistent memory, purpose-built for OpenClaw Bot.
v1.0.0
Manage agent memory with Membase - a decentralized, encrypted memory backup and restore system. Provides backup, restore, list, diff, status, and cleanup operations for agent memories.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The README and code expect MEMBASE_ACCOUNT, MEMBASE_SECRET_KEY and MEMBASE_BACKUP_PASSWORD and also read ~/.openclaw/openclaw.json to get config, but the registry metadata declares no required environment variables or config paths. Requiring account/secret keys and reading the agent's config is consistent with a backup service, but the omission from the manifest is an inconsistency that could hide the skill's credential needs.
Instruction Scope
SKILL.md instructs the agent to check and echo secret env vars (e.g., echo $MEMBASE_BACKUP_PASSWORD) and to cd into skills/membase and run node membase.ts. Echoing secrets risks leaking them into logs; asking the agent to read home config (~/.openclaw/openclaw.json) and workspace is within backup scope but broader than the declared skill surface. The instructions are prescriptive about local file access and revealing env values, which is risky and was not reflected in the declared requirements.
Install Mechanism
There is no install spec (instruction-only), but the package includes TypeScript source files. membase.ts imports './commands/backup.js' and other .js modules while the manifest files are .ts. Also the commands import ../lib/*.js (backup-manager, membase-client, encryption) but those lib files are not present in the file manifest. This means the code cannot run as-is and would require fetching or generating additional code or a build step—an ambiguity/risk.
Credentials
The environment variables the skill uses (account, secret key, backup password) are reasonable for a backup tool, but the skill metadata declared none. The SKILL.md explicitly tells the agent to echo these env vars (potentially exposing secrets) and the code will read openclaw.json from the user's home directory. The combination of missing declared requirements and instructions that reveal secrets is disproportionate or at least poorly documented.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. It will read user-level config (~/.openclaw/openclaw.json) and the workspace directory to find memory files — behavior that makes sense for a memory backup skill but is somewhat privileged because it accesses potentially sensitive local agent config and files. This is expected functionality but worth noting.
What to consider before installing
Do not install or run this skill yet. Before proceeding, ask the publisher for the missing library files (lib/backup-manager.js, lib/membase-client.js, lib/encryption.js) or a clear build/install step. Confirm why the registry metadata lists no required environment variables while the code expects MEMBASE_ACCOUNT, MEMBASE_SECRET_KEY and MEMBASE_BACKUP_PASSWORD. Avoid letting the agent echo or log secrets (the SKILL.md example prints env values). Verify the source of the skill (homepage/source unknown), confirm how TypeScript files are intended to be executed (they currently import .js but are provided as .ts), and review the Membase endpoint and client implementation for any unexpected external endpoints or exfiltration before supplying credentials. If you must test, do so in an isolated sandbox with throwaway credentials and no sensitive workspace data.
Like a lobster shell, security has layers — review code before you run it.
latest: vk97cjnk4zvvefzgs9zbe0vm0ms80ekcd
