ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Remember

v1.0.0

Curate persistent memory that actually helps. Filter what matters, organize by function, decay what doesn't.

2· 1.3k·11 current·11 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the content: SKILL.md and companion files provide a coherent memory-curation policy and file layout. There are no unrelated requirements (no env vars, no binaries, no install).
Instruction Scope
The instructions explicitly describe persistent storage layout (memory/*.md, contexts/, archive/) and give rules for recording, pruning, and contradiction handling. They do not instruct network exfiltration or access to unrelated system files, but they do recommend categories that can contain sensitive data (health.md, environments.md with 'keys locations'). The skill assumes the agent will persist and manage files; confirm the runtime's actual persistence behavior and safeguards.
Install Mechanism
Instruction-only skill with no install spec and no code files. Lowest install risk — nothing is written to disk by the skill itself beyond what the agent runtime chooses to persist.
Credentials
The skill requests no environment variables or credentials (proportionate). However, the recommended categories include privacy-/security-sensitive topics (health, server/key 'locations'), so the absence of declared secrets doesn't eliminate the risk that the agent will be asked to store secrets or PII—confirm policies for storing or refusing such data.
Persistence & Privilege
always:false and normal autonomous invocation. The skill encourages long-lived memory entries and retention/archiving rules; that is coherent for a memory tool. Still, long-lived autonomous memory increases potential data accumulation—verify retention, encryption, user control (explicit 'forget' and 'never remember') are enforceable by the runtime.
Assessment
This skill is a content/format guide for persistent memory and appears coherent, but before installing you should: (1) ask where the agent will store these memory files (local disk, cloud, vendor-managed DB); (2) confirm whether stored memory is encrypted and who can access it; (3) verify the agent enforces explicit 'forget' / 'never remember' rules and a clear deletion/archival policy; (4) avoid instructing the agent to store raw secrets (API keys, passwords, private health data) — if you need to store such info prefer storing metadata or secure references only; (5) test with non-sensitive examples to confirm behavior. If the runtime cannot guarantee secure storage or user-controlled deletion, treat persistent memory as high-risk and consider not enabling this skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk97018qrnpa4qexvh6p7sraw9h80y79f

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments