ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

memory-orchestrator

v1.0.0

Layered memory orchestration for OpenClaw conversations. Use when implementing or maintaining a memory system that must classify user input by domain, captur...

0· 67·0 current·0 all-time
byjil@jl1914
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, SKILL.md, and the included scripts consistently implement a layered, file-based memory system (session state, daily logs, topics, objects, reflections, index). The declared capabilities align with the required scripts and file layout; no unrelated credentials or binaries are requested.
Instruction Scope
SKILL.md and the scripts operate within the stated scope (classify input, extract events, write daily logs, materialize objects, recall, reflect). However, runtime relies on an environment variable MEMORY_ROOT (used by many scripts) although the skill declares no required env vars — the agent or environment can therefore redirect memory storage. All I/O is limited to files under the chosen MEMORY_ROOT, and there are no network calls or external endpoints in the code.
Install Mechanism
This is instruction-only with bundled Python scripts; there is no install spec, no external downloads, and no packages fetched. Risk from install mechanism is low.
!
Credentials
The skill declares no required environment variables but the scripts consistently read MEMORY_ROOT to determine where to read/write memory. This undeclared env var is powerful: if MEMORY_ROOT is set to an unexpected path the scripts will create/modify files there. No credentials/tokens are requested, which is appropriate, but the ability to re-point file storage is a meaningful capability that should be explicit to users.
Persistence & Privilege
always:false (good). The skill can be invoked autonomously (disable-model-invocation:false), which is normal. Because the scripts write and modify files automatically when triggered (extract/apply/reflect), autonomous invocation combined with an attacker-controlled or misconfigured MEMORY_ROOT could lead to writes outside the intended workspace. The skill does not modify other skills' configs or system-wide settings.
What to consider before installing
This skill appears to do what it claims: manage a local, white-box memory directory and provides scripts to gate, capture, recall, and reflect. Before installing or enabling it widely: 1) Confirm where memory will be stored — set MEMORY_ROOT explicitly to a safe, isolated workspace directory (the default is ./memory in the agent's working directory). 2) Review and monitor the created memory/ files (topics, objects, daily, reflections, indexes) because the skill will write user-provided text to disk and can materialize 'preferences' and 'decisions' files automatically. 3) If you allow autonomous invocation, be aware the skill may write files whenever its gate triggers; if that is undesirable, require user-invocation only. 4) Avoid setting MEMORY_ROOT to any sensitive system path and prefer running the skill in an isolated container/workspace. 5) If you need networked or multi-tenant deployment, audit the code further (it currently performs no network calls but writes files locally).

Like a lobster shell, security has layers — review code before you run it.

latestvk9765xd084mhhb80gsrmsj3nxd83t1n9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments