Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Graph-RAG Memory

v0.1.0

Graph-RAG memory system using Graphiti temporal knowledge graph + FalkorDB + local Ollama embeddings. Provides persistent, queryable long-term memory for Ope...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the code and instructions: the package wires Graphiti + FalkorDB + Ollama embeddings, exposes ingest/query/status scripts, and includes an installer. Required services (FalkorDB, Ollama) and Python packages are exactly what this memory system needs.
Instruction Scope
Runtime instructions and scripts read and write files in the user workspace (/home/node/.openclaw/workspace by default), ingest arbitrary workspace documents, and run network checks against local Ollama/FalkorDB endpoints. The installer patches the global OpenClaw config (~/.openclaw/openclaw.json), and the included C daemon (memwatchd) watches workspace files and runs a refresh script on changes. The watcher invokes memory-upgrade/graph_refresh.py when files change, but graph_refresh.py is not present in the provided manifest — this is an incoherence and could break or cause unexpected behavior.
Install Mechanism
There is no formal package install spec, but install.sh performs numerous system actions: pip installs (via get-pip.py if needed), pulls Ollama models using docker exec, builds a C program with gcc, patches OpenClaw config, seeds the graph, creates vector index, and may create a cron job. These steps are typical for this kind of system but should be run manually or inspected first because they change system state.
Credentials
The skill declares no required env vars but implicitly depends on and modifies environment/config files: it reads OPENCLAW_WORKSPACE (default /home/node/.openclaw/workspace), edits ~/.openclaw/openclaw.json, and expects local Ollama/FalkorDB endpoints (172.18.0.1:11436/6379). While these are proportionate to a local memory system, the skill's operations touch global agent configuration and workspace files — broader access than a pure 'helper' script and worth review.
Persistence & Privilege
The installer patches the OpenClaw config and the install script advertises creating a 5-minute cron job; it also builds/starts a memwatchd daemon that automatically executes a refresh script on workspace file changes. That gives the skill long-term active presence and ability to run code on file changes. Although persistence is plausible for a memory service, modifying global agent config and installing a watcher/cron are high-impact operations and should be consented to explicitly by the user.
What to consider before installing

- Back up ~/.openclaw/openclaw.json and any important workspace files; install.sh patches openclaw.json automatically.
- Inspect graph_refresh.py (the memwatchd daemon calls memory-upgrade/graph_refresh.py on changes). The provided package does not include that file in the manifest; confirm what the refresh script does before running the watcher/installer.
- Review install.sh and run it with --dry-run first; it will pull Ollama models (via docker exec), install Python packages, build a C daemon, and may create cron jobs.
- If you don't want automatic, persistent behavior: do not start memwatchd or allow the script to patch configs/cron; instead run the ingest/query scripts manually in a sandboxed environment.
- Run the installer in an isolated/test environment (or container) first so you can observe changes and network activity (it communicates with local endpoints by default: 172.18.0.1 for Ollama/FalkorDB).
- Confirm the Ollama/FalkorDB endpoints the skill uses are local and trusted; if these addresses are reachable beyond your host network, treat with caution.

Why I marked this suspicious: the core functionality and dependencies align with the description, but the skill modifies global OpenClaw configuration, installs a persistent daemon/cron that executes workspace scripts, and references a refresh script not included in the package. This combination increases the attack surface and is incoherent until the missing refresh script is inspected. If you want to proceed, verify the missing file, run the install steps manually, and prefer running the system in an isolated environment.


Tags: embeddings, falkordb, graphiti, knowledge-graph, latest, local-llm, memory, moe, ollama, rag
