Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Chroma Memory
v1.0.1
Stores and semantically retrieves per-turn customer conversation data with auto-tagging and customer isolation using ChromaDB.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Verdict: Suspicious (high confidence)
Purpose & Capability
SKILL.md and description claim ChromaDB integration and semantic (vector) retrieval; the provided chroma.mjs contains no network/DB calls, no use of chromadb or embeddings — it stores JSON files under ~/.openclaw/memory/chroma and uses simple lexical overlap + heuristics for search. The declared dependency on a 'chromadb' skill and the ChromaDB branding are therefore misleading.
Instruction Scope
Runtime instructions describe 'auto-called' hooks, tenant isolation via where filters, and semantic searches. The code is a standalone Node CLI that reads/writes local JSON files and does not implement semantic vector search or any hook integration. SKILL.md references HEARTBEAT triggers and OpenClaw Gateway behavior that are not visible in the code.
Install Mechanism
There is no install spec (instruction-only), which is low risk. However, the package includes a Node .mjs script but the skill metadata lists no required binaries; 'node' is effectively required to run chroma.mjs but isn't declared. Nothing in the install path downloads remote code or runs network installers.
Credentials
The skill declares no required secrets or env vars. The code reads OPENCLAW_HOME or HOME and optionally CRM_SNAPSHOT_DATA (used for snapshot piping) — these env vars are not documented in requires.env. None are sensitive credentials, but CRM_SNAPSHOT_DATA could contain bulk CRM data and is not flagged as a required/optional env var in the metadata.
Persistence & Privilege
The manifest sets always:false and uses normal invocation. The code writes persistent files into the user's HOME (or OPENCLAW_HOME) under a .openclaw/memory/chroma path and will create directories and many JSON files. It does not modify other skills or system-wide settings, but it does persist potentially sensitive conversation data on disk.
What to consider before installing
The core issue is mismatch: the skill promises ChromaDB-backed semantic vector memory but the bundled code implements only local JSON storage and lexical ranking. Before installing, decide whether you want a local file-based memory (this code) or true ChromaDB/vector embeddings. If you accept local storage, confirm where files will be written (OPENCLAW_HOME or HOME), whether data-at-rest is encrypted, retention/cleanup policies, and whether phone numbers/PII are acceptable to store on disk. If you expect a ChromaDB integration, ask the publisher to provide the real connector or remove the misleading claims. Also note the script requires Node.js to run (not declared) — inspect and test the code in a sandbox with non-production data first.
