Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Memory Sorting

v3.0.7

Organize memory the way you would tidy a closet: detect duplicate, outdated and conflicting entries and generate proposals for you to approve / Trigger words: 整理记忆, 记忆整理 / Command: /memory-sorting

MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: stale
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The declared purpose—reading and reorganizing MEMORY.md, topics/, and daily notes—and the SKILL.md's required FileRead/FileWrite/exec permissions are generally proportional. However, SKILL.md also says it will verify against “当前代码/配置” (current code/config), implying access to source files or configs beyond the memory files; the skill's registry metadata does not declare that broader scope. This mismatch between described scope (memory files) and the implied scope (code/config) is a notable inconsistency.
Instruction Scope
The instructions require scanning topics/, MEMORY.md, and memory/*.md and then running 'grep 全文' (full-text grep) to detect duplicates and conflicts, but it is ambiguous whether '全文' is limited to those memory files or covers the entire workspace. The skill also requires applying edits after user approval. 'exec' is requested for grep, which grants the agent the ability to run shell commands; while SKILL.md mentions only grep, exec is a powerful permission. The requirement to 'trust reality' and compare against current code/configs further implies reads of other repo files not explicitly scoped in the permission list.
Install Mechanism
Instruction-only skill with no install spec or external downloads. No code files to execute were provided by the skill bundle itself, which reduces installation risk.
Credentials
No environment variables or external credentials are requested (good). The skill does request file read/write and exec capabilities in SKILL.md; those are functionally necessary for editing MEMORY.md/topics and running grep, but they are sensitive and should be granted only with clear scope (which the SKILL.md currently leaves ambiguous).
Persistence & Privilege
The skill is not always-on and is user-invocable. Autonomous invocation is allowed (platform default) but does not by itself change this assessment. The skill does perform write operations after explicit approval per its workflow, which is appropriate for an edit-oriented tool.
What to consider before installing
This skill appears to do what it says (scan and reorganize your local memory files), but there are a few caution points:

1) The SKILL.md is ambiguous about the search scope—'grep 全文' could scan only memory files or the entire workspace; confirm with the author which it uses.
2) The skill asks for exec permission (to run grep). exec is powerful — even though SKILL.md mentions only grep, granting exec allows arbitrary shell commands, so only enable it if you trust the skill and can review what commands it will run.
3) The SKILL.md implies verifying against 'current code/config' but permissions only explicitly mention memory files—if you do not want the skill to read source code or configs, do not grant broader FileRead access.
4) The skill will modify files after you 'approve' actions; make sure you have backups or version control enabled so you can revert changes.
5) There are small metadata inconsistencies (SKILL.md version 3.1.0 vs registry 3.0.7 and _meta.json version 1.0.2) — this may be a packaging oversight but is worth asking the publisher to clarify.

If you decide to proceed: restrict file-read/write scope to only the memory files (topics/, MEMORY.md, memory/), require explicit user approval for every change, and avoid giving unrestricted exec rights or workspace-wide file read access unless you can audit the exact commands the agent will run.



