Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Fpms Memory
v0.2.0Cognitive memory engine — gives your AI persistent work tracking, proactive risk alerts, and cross-conversation continuity. Never lose track of projects again.
⭐ 0· 83·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The claimed purpose — a local, Python-based memory/task engine — matches the requirement for python3 and a local binary named 'focalpoint'. However the SKILL.md and registry metadata use multiple package names (focalpoint, fpms, focalpoint/fpms on PyPI/GitHub) and a GitHub sync feature is listed without describing how GitHub auth is provided. These naming/auth mismatches are inconsistent with the stated purpose and should be clarified.
Instruction Scope
The runtime instructions tell the agent to add an MCP server entry and call a range of tools automatically (bootstrap on conversation start, append_log for decisions, update_status, and run 'heartbeat' every ~10 minutes). While these are coherent for a memory tool, the instructions also mandate continuous/periodic operations and automatic actions in 'EVERY conversation' — this could lead to frequent autonomous activity. The document does not describe whether those periodic heartbeats run entirely locally, whether they reach remote endpoints, or what data is transmitted during GitHub sync.
Install Mechanism
The registry's install spec uses 'uv' with package 'focalpoint', while the SKILL.md shows 'pip install focalpoint' and links to a PyPI page for 'fpms'. These inconsistencies (uv vs pip, focalpoint vs fpms vs fpms on PyPI) are red flags: the install mechanism is not clearly specified and could point to a poorly-documented or misconfigured package. No code files are bundled in the skill, so the installer will be the primary source of code — verify the upstream package before running it.
Credentials
The skill declares no required environment variables or credentials, yet advertises GitHub integration and auto-sync of issues. A GitHub sync normally requires a token or OAuth config; the absence of declared auth requirements is a mismatch. Either the feature is disabled by default, or the skill is omitting a needed credential requirement — this should be clarified before granting network or repo access.
Persistence & Privilege
The skill is not marked 'always:true' and is user-invocable, which is the expected default. However, the instructions push for automatic calls in every conversation and periodic heartbeat checks. Combined with the installation of a local MCP server binary, this gives the skill a persistent presence on the agent platform when enabled — reasonable for a memory tool but worth confirming (especially network behavior).
What to consider before installing
Do not install blindly. Before installing, verify the upstream package and provenance: check PyPI/GitHub for a package named 'focalpoint' (and reconcile the 'fpms' references), inspect the package source, and confirm what the 'focalpoint' binary does and whether it makes network calls. Ask the maintainer how GitHub sync authenticates (does it require a token? where to set it?) and what data is transmitted during 'heartbeat' and syncs. Prefer installing in a sandbox or VM and running the binary with network disabled until you confirm its behavior. If you rely on this skill for sensitive projects, require explicit documentation of authentication and a vetted release (signed GitHub release or well-known package on PyPI). If any of these points are unclear or the package is only available from an untrusted URL, treat the skill as unsafe to install.Like a lobster shell, security has layers — review code before you run it.
latestvk9753fc7rfm4cbmqhaq2xkqj7d83c6q6
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🧠 Clawdis
Binspython3
Install
uv
Bins: focalpoint
uv tool install focalpoint