Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Memory Pruner
v1.0.0Manages agent memory by auto-pruning old or low-relevance entries, compressing duplicates, and reporting storage costs with safe defaults.
⭐ 0· 123·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name, description, and commands (prune, analyze, compress, dry-run) coherently describe a memory management tool. However, the SKILL.md and config.json reference a 'memory-pruner' CLI and a 'memory/' working directory as part of the skill's files, yet the package contains no executable or code files. That leaves the agent instructed to run a binary that is not provided by the skill bundle.
Instruction Scope
The runtime instructions explicitly instruct reading, analyzing, compressing, backing up (.bak), and deleting workspace memory files. Those operations are within the claimed purpose, but because this is an instruction-only skill with no implementation, an agent following these instructions could run any local 'memory-pruner' binary present on the system or an attacker-supplied binary. The SKILL.md promises 'never deletes without confirmation', but instructions still include destructive actions (prune) and file I/O — the absence of an included implementation and of strict path constraints raises risk.
Install Mechanism
No install spec is provided (lowest install risk). However, config.json lists 'entry':'memory-pruner' and 'runtime':'shell', implying an entrypoint that does not exist in the bundle. This mismatch means the skill expects an external CLI to be present; the origin and integrity of that CLI are undefined.
Credentials
The skill requests no environment variables, no credentials, and no config paths. That is proportionate to the stated purpose. There is no request for unrelated secrets or external service keys.
Persistence & Privilege
The skill is not always-enabled and uses normal autonomous invocation defaults. It does not request persistent system-wide configuration changes in its bundle. The main concern is not privilege flags but the potential for destructive filesystem operations if an external 'memory-pruner' binary is invoked.
What to consider before installing
Do not install or run this skill without verifying where the 'memory-pruner' CLI comes from. The SKILL.md instructs file reads and deletions but the package does not include the referenced executable or memory/ directory; an agent would rely on a local or external binary of unknown provenance. Before using: (1) inspect and obtain the memory-pruner implementation from a trusted source, (2) run only dry-run/analyze first and inspect suggested deletions, (3) ensure backups are stored in a safe location you control, (4) restrict the agent’s permissions so it cannot delete unrelated files, and (5) prefer manual confirmation before any prune operation. If you cannot verify the CLI origin or prefer not to grant filesystem deletion rights, consider declining this skill.Like a lobster shell, security has layers — review code before you run it.
agentvk97fbht6202tsww3jj3w6nvmas8338chlatestvk97fbht6202tsww3jj3w6nvmas8338chmanagementvk97fbht6202tsww3jj3w6nvmas8338chmemoryvk97fbht6202tsww3jj3w6nvmas8338choptimizationvk97fbht6202tsww3jj3w6nvmas8338chpruningvk97fbht6202tsww3jj3w6nvmas8338ch
License
MIT-0
Free to use, modify, and redistribute. No attribution required.