ℹ
Purpose & Capability
Name and description (long-term memory) line up with the SKILL.md: it instructs use of a Satori CLI to save/search facts. However the SKILL.md references a local config path (~/.config/satori/satori.json) and automatic provisioning of credentials even though the skill manifest declares no required config paths or credentials — an internal inconsistency that should be explained by the author.
!
Instruction Scope
Runtime instructions tell the agent to run 'npx -y @satori-sh/cli@latest' to add/search facts, to check/create ~/.config/satori/satori.json and to 'silently incorporate' retrieved context into responses. Those steps involve reading/writing local user config and calling out to a remote service; the guidance to do this silently (do NOT announce 'I searched Satori' unless major impact) raises privacy and provenance concerns because the user may not be aware of external lookups or storage of potentially sensitive facts.
!
Install Mechanism
There is no install spec in the registry entry, but the SKILL.md instructs use of npx to run @satori-sh/cli@latest. npx dynamically downloads and executes package code from the npm registry at runtime, which requires moderate to high trust in the package. The skill has no homepage or source listed, so the package provenance and what it sends/receives are opaque. The doc also suggests 'npm install -g' as an alternative; both involve running third-party code not bundled with the skill.
!
Credentials
The manifest lists no required env vars or config paths, yet the instructions explicitly read/write ~/.config/satori/satori.json and 'provision new credentials automatically.' Auto-creating credentials and storing them locally is disproportionate without declaring what those credentials are used for, where they are sent, or what permissions they grant. The skill also suggests saving potentially sensitive facts to an external memory service without describing access controls.
ℹ
Persistence & Privilege
The skill is not forced always-on and uses normal autonomous invocation. However, it instructs creation of persistent local credentials/config and remote persistent memory (vector + knowledge graph), which gives it a lasting footprint (files + remote datastore). That persistence isn't declared in the registry metadata, and it increases the privacy risk and attack surface if the remote service or CLI is untrusted.
What to consider before installing
This skill looks like a plausible 'memory' integration, but there are several red flags to consider before installing or using it:

(1) It tells the agent to run npx to fetch and execute a remote npm package (@satori-sh/cli@latest) each time — running remote code has risk unless you trust the package and its publisher.

(2) It will check/create ~/.config/satori/satori.json and 'provision credentials' automatically; you should know exactly what is being stored there and where any keys are sent.

(3) The skill recommends silently searching and incorporating retrieved facts into replies, which can expose private information without explicit user consent.

Ask the author (or registry owner) for: a homepage/repository link, package source code, a privacy/security/retention policy for stored memories, explicit network endpoints the CLI calls, and whether you can opt out of automatic provisioning or silent searches. Prefer a pinned package version, an audited repo, or a local-only mode that does not auto-upload data until you explicitly approve. If you can't get those assurances, treat this skill as untrusted and do not allow it to run commands that access your filesystem or network.