Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Memoria
v0.2.1
Structured memory system for AI agents. Use when the user wants to store, recall, or search memories, manage session lifecycle (wake/sleep/checkpoint), sync...
⭐ 0 · 678 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw · Suspicious · high confidence
Purpose & Capability
Name and description match the code and CLI (local markdown vault, search, Notion sync). Dependencies (Notion client, search libs) and commands align with the stated purpose. However, registry metadata claims 'instruction-only / no install spec' while the package contains full CLI source and package.json — an inconsistency that should be explained by the publisher.
Instruction Scope
SKILL.md instructs agents to 'proactively' capture personal information including 'credentials context' and to 'always sync' to Notion after storing. That gives the agent broad permission to record potentially sensitive data (names, locations, health, even credential context) and push it to a third-party service. The instructions also require setting MEMORIA_VAULT (not declared in registry) and routinely call sync and setup-notion commands — behavior that can lead to unintended transmission of secrets if the agent follows the 'store everything' guidance.
Install Mechanism
No install spec is present in the registry metadata (marked instruction-only), but a full npm package (package.json, bin, src) is included in the manifest and README instructs installation via npm. The code uses standard npm packages and GitHub-style assets (no obscure download URLs). This is not a high-risk install mechanism, but the discrepancy between 'instruction-only' and included code should be clarified.
Credentials
Registry declares no required env vars or primary credential, but SKILL.md and the code expect/encourage MEMORIA_VAULT and accept a Notion integration token. Notion tokens are provided via CLI and then stored in the vault config (.memoria.json) in plaintext. The AGENTS.md instructs recording 'credentials context' — storing such sensitive context and automatically pushing it to Notion is disproportionate and risky unless users understand and consent.
Persistence & Privilege
The skill does not request 'always: true' and does not appear to modify other skills or system-wide agent settings. It writes its own vault files and a local config (.memoria.json / .sync-state.json), which is expected for this tool.
What to consider before installing
This tool implements a local-first memory vault with optional two-way Notion sync and appears to be a legitimate project, but there are important caveats:
- The agent instructions explicitly recommend proactively saving personal information (names, location, health) and even 'credentials context'. If Notion sync is configured those entries will be pushed to Notion — consider whether you want sensitive data stored in a third-party workspace.
- The Notion integration token is accepted via CLI and then written to the vault config file in plaintext (.memoria.json). Treat that token like any secret; only configure Notion on machines and in workspaces you trust.
- Registry metadata says 'instruction-only' but the package contains a full npm CLI. Ask the publisher to clarify distribution/install expectations and confirm the published package name/registry.
- If you plan to use this with an agent that autonomously follows the 'proactive capture' guidance, limit its scope or disable auto-sync until you review what it will store and push.
Before installing: verify the npm package source (author, repository), consider running it in a restricted environment, and avoid configuring Notion with a token that has access to sensitive data or that you cannot revoke. If you want, I can list the files that store tokens or show where the token is saved so you can audit or modify that behavior.
latestvk975gqy5ys1kj27rfmtqphexm581jbww
