Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Brain Evolution Skill
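v0.1.0
Intelligent memory management based on the evolutionary mechanisms of the human brain: conditioned-reflex handling of high-frequency requests, faster cache lookups, automatic reinforcement and forgetting of memories, and improved multi-threading safety.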
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The description and SKILL.md present a Python package (modules under skills.brain_evolution), CLI scripts (brain_manager.py), and SQLite-backed L1/L2 storage. However, the skill bundle contains no code files and no install spec. That means the declared capabilities cannot be realized by the published package as-is, which is an incoherence between purpose and provided artifacts.
Instruction Scope
Runtime instructions tell the agent to import and call Python modules, run Python scripts in skills/brain-evolution, read/write SQLite (WAL mode), perform cleanup/forget operations (including deletion), and integrate with other skills (e.g., smart_cache). Those instructions implicitly require filesystem writes and access to other skill modules, but none of those dependencies or files are present — the runtime scope exceeds what the package actually supplies and could lead to unexpected filesystem operations if code is later provided or copied.
Install Mechanism
There is no install specification even though SKILL.md claims 'Installed to: skills/brain-evolution/'. The lack of an install mechanism combined with explicit references to scripts and modules is inconsistent. Because no code is shipped, an agent or user would need to obtain/execute external code to follow the instructions — this gap is a risk factor (missing provenance / hidden fetch).
Credentials
The skill declares no required environment variables or credentials, which superficially matches a local caching library. However, the instructions imply read/write access to the agent's skills directory, creation of SQLite files, and integration with other skills (smart_cache, memory-system) that are not declared. Those implicit resource needs are not documented and may be disproportionate to the metadata provided.
Persistence & Privilege
The skill does not request always:true and is user-invocable (reasonable). But SKILL.md prescribes creating and mutating persistent artifacts (SQLite DB, caches, cleanup/forget operations) within skills/brain-evolution. Even without explicit elevated privileges, the skill intends to persist and delete data on disk — users should be aware of filesystem effects.
What to consider before installing
This package is instruction-only but the documentation describes Python modules, CLI scripts, and a disk-backed SQLite cache that are not present in the published bundle. Before installing or invoking: (1) ask the publisher for the actual code or a source repository and verify its integrity; (2) do not run any provided python commands unless you can inspect the code first; (3) if you must test, run in a disposable sandbox with restricted filesystem access; (4) confirm where databases/files would be written and whether they overwrite existing data; (5) verify any referenced integrations (smart_cache, memory-system) exist and are trusted. The mismatch between claimed functionality and provided artifacts is the main red flag — it may be an incomplete/abandoned skill or it could hide a step that fetches external code at runtime.
Like a lobster shell, security has layers — review code before you run it.
