Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Extract Memories

v3.0.10

Proactively extracts key memories into topic files at the end of a conversation / Trigger words: 提炼记忆, 提取记忆 / Command: /extract-memories

by Mr.Zhenweisi @jofiction918
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (extract memories into memory/topics and update MEMORY.md) align with the permissions and operations described in SKILL.md. It only requests file read/write and session-history access, which are the capabilities you'd expect for this feature. No unrelated env vars, binaries, or installs are requested.
! Instruction Scope
Instructions require reading the 'current session recent messages (不限条数)', that is, with no limit on the number of messages, and scanning them for memories, then appending topic files and updating MEMORY.md. There is no explicit redaction, sanitization, or limiting of how many messages are read. The lack of explicit privacy safeguards (what to exclude beyond a brief 'What NOT to Save' list) and use of unlimited reads increases the chance of persisting sensitive data.
Install Mechanism
Instruction-only skill with no install spec and no code files. This has a lower install risk because nothing new is written to disk by an installer step; behavior is limited to what the agent is asked to do at runtime.
Credentials
No environment variables or external credentials are requested (good). The declared required permissions (FileRead, FileWrite/FileEdit on memory/* and sessions_history) are proportional to the stated purpose, but sessions_history is sensitive — it grants access to the conversation content that will be persisted.
! Persistence & Privilege
always:false (good), but the skill explicitly instructs the agent to trigger automatically on detected 'end of conversation' and via heartbeat intervals. Autonomous invocation combined with the ability to read full session history and write files means the skill can silently create persistent records of conversations without an explicit per-action user confirmation.
What to consider before installing
This skill does what it promises (extracts and stores conversation 'memories'), but review before installing:
1) It will read session history, write files under memory/topics/ and append to MEMORY.md. Test with non-sensitive content first.
2) Consider disabling automatic triggers (use manual /extract-memories only) or require an explicit confirmation before saving.
3) Ask the author to add redaction/sanitization rules (PII, credentials, secrets) and a configurable message-depth limit instead of '不限条数' (no limit on the number of messages).
4) Confirm where memory files are stored and whether they are backed up or shared.
5) If you must install, audit a few generated topic files to ensure no secrets were captured and consider restricting the skill's FileRead/FileWrite scope if the platform allows it.


latestvk97fkcm79b9wpw5hf2yxg4etkn84ckpf
