Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OpenClaw Memory Upgrade
v1.0.0
Complete guide to upgrading OpenClaw's memory system for persistent, searchable context across sessions. Implements 6 upgrades including enhanced memory flus...
by John Wang @johnnywang2001
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name and description (persistent searchable memory) align with the instructions to add memoryFlush, session indexing, and file-based memory. However, the SKILL.md requires access to and edits of the global openclaw.json and AGENTS.md and asks for npm for a Mem0 plugin while the registry metadata declares no required config paths or install steps. Asking to modify top-level config and to install plugins is more privileged than the registry metadata indicates.
Instruction Scope
The runtime instructions explicitly tell the agent to read and write workspace memory files (MEMORY.md, memory/YYYY-MM-DD.md), modify openclaw.json and AGENTS.md, and index past session transcripts. Critically, the memoryFlush prompt directs extraction of 'TECHNICAL DETAILS (commands, configs, API keys, endpoints, file paths)', which would cause the agent to capture secrets and highly sensitive data into persistent files — this is scope creep beyond ordinary memory capture and is a privacy/security risk.
Install Mechanism
There is no install spec in the registry (instruction-only), but SKILL.md lists 'npm (for Mem0 plugin installation)' as a prerequisite and refers to a Mem0 plugin. The skill gives no vetted install source or package name and does not declare an install plan. Instruction-only distribution reduces direct install risk, but the missing, unverified npm install step is an operational gap and potential vector for supply-chain compromise.
Credentials
The registry declares no required environment variables or credentials, yet the instructions would cause the agent to extract and persist 'API keys' and other technical secrets into memory files. Requesting or instructing capture of secrets without declaring or justifying credential access is disproportionate and dangerous: it enables long-term storage (and possible exfiltration) of secrets in plaintext files.
Persistence & Privilege
always:false and normal autonomous invocation are fine, but the skill's recommended edits are to global OpenClaw config (openclaw.json, AGENTS.md) and creation of persistent memory files. That amounts to changing system-wide agent behavior and persistent data storage — acceptable for a memory upgrade but should be explicit and consented to. The skill does not declare these config paths in metadata, so it grants implicit, broad persistence privilege without transparency.
What to consider before installing
Before installing or applying these instructions:
- Review and back up openclaw.json and any AGENTS.md files before making edits; the SKILL.md proposes global config changes.
- Remove or edit the 'TECHNICAL DETAILS' category in the memoryFlush prompt so the agent does NOT capture API keys, passwords, private keys, tokens, or other secrets into persistent memory files. Storing secrets in daily logs or MEMORY.md is unsafe.
- If you must use a plugin (Mem0), identify the exact npm package name and inspect its source code (or use a vetted package) before running npm install. The skill provides no install spec or trusted URL.
- Run changes in a sandbox or dev environment first to observe file I/O and behaviour, and search created memory files for unintended sensitive data.
- Limit autonomous invocation until you trust the configuration: consider disabling auto-run of memoryFlush or require explicit user approval for writes.
- If you want to proceed, create policies or scripts that redact secrets (API keys, tokens, credentials, private endpoints) from things the agent writes to memory, and consider encrypting persistent memory storage.
If you want, I can: (a) produce a redacted memoryFlush prompt that excludes secret capture, (b) generate a safe checklist for reviewing openclaw.json changes, or (c) help draft an explicit install and verification plan for the Mem0 plugin.
Like a lobster shell, security has layers — review code before you run it.
