Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
龙虾记忆大师
v1.0.0真正的长期记忆管理技能。自动维护记忆文件、定期归档、智能提醒。 包含 Working Buffer 协议、Memory Maintenance 清单、自动学习日志。 When to use: - User asks about prior work, decisions, dates, people, prefe...
⭐ 0· 92·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description match the provided code and instructions: the skill manages MEMORY.md, working-buffer and daily archives. The included scripts (archive-memory.js, check-context.sh) perform only local file operations consistent with the stated purpose.
Instruction Scope
SKILL.md instructs creating workspace files, cron jobs, and AGENTS.md to enable autonomous daily learning. Those are within a memory manager's goal, but creating system cron entries and agent policy files expands scope beyond 'read/write memory files' and requires careful privilege control. The instructions also rely on an environment variable (OPENCLAW_WORKSPACE) not declared in the manifest.
Install Mechanism
No install spec or remote downloads. This is instruction-only with two small included scripts. No network fetches or package installs are performed by the skill itself.
Credentials
The code reads OPENCLAW_WORKSPACE (defaulting to /root/.openclaw/workspace) but requires.env lists nothing. The skill will write files under that workspace path; requiring filesystem write access makes sense for a memory skill, but the undeclared OPENCLAW_WORKSPACE and its default to /root are concerning and should be explicit and configurable.
Persistence & Privilege
The SKILL.md encourages scheduling cron jobs and creating AGENTS.md to run autonomous daily tasks. While not set to always:true, these instructions create persistent scheduled behavior outside the agent runtime and may require system-level privileges. The skill itself doesn't declare or request those privileges, so installing/activating those behaviors needs explicit user consent and operational review.
What to consider before installing
This skill appears to implement what it claims (local long‑term memory files and simple archive/check scripts), but take these precautions before installing or enabling autonomous behavior:
- Confirm the workspace location: the scripts use OPENCLAW_WORKSPACE and default to /root/.openclaw/workspace. Set OPENCLAW_WORKSPACE to a directory you control (not /root) and verify permissions.
- Review and approve any instruction that creates system cron jobs or AGENTS.md; scheduling tasks or creating agent policies grants ongoing behavior and may run outside your immediate control.
- Understand that the skill will write and modify files under the workspace (MEMORY.md, memory/*.md, SESSION-STATE.md, working-buffer.md). If these files contain private data, consider encrypting or limiting access.
- The included scripts are short and do not perform network calls or read secrets, but you should inspect them (they are provided) and run them in a sandbox first.
- Recommend asking the publisher to declare OPENCLAW_WORKSPACE in requires.env or document the expected workspace explicitly, and to clarify how AGENTS.md and cron entries should be managed and revoked.
If you need the skill but want to minimize risk: run it in a non-privileged, isolated workspace with explicit environment variables, and do not enable system cron/agent automation until you’ve inspected AGENTS.md and confirmed intended behaviors.Like a lobster shell, security has layers — review code before you run it.
automationvk978z26rmydbcfs8k2gdc9v74n83cz75context-managementvk978z26rmydbcfs8k2gdc9v74n83cz75latestvk978z26rmydbcfs8k2gdc9v74n83cz75long-termvk978z26rmydbcfs8k2gdc9v74n83cz75memoryvk978z26rmydbcfs8k2gdc9v74n83cz75
License
MIT-0
Free to use, modify, and redistribute. No attribution required.