Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Memory Palace
v1.6.5
Cognitive enhancement layer for OpenClaw agents with semantic search, time reasoning, knowledge graphs, experience accumulation, and LLM-enhanced features
by 蓝宙 @lanzhou3
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (persistent memories, semantic search, time reasoning, LLM features) align with the included TypeScript and Python code and the documented tools. However the declared registry metadata says no required binaries/env vars while the docs and scripts clearly expect Python, pip, a local model (BAAI/bge-small-zh-v1.5), and an optional HF_ENDPOINT mirror — a modest mismatch between declared requirements and actual expectations.
Instruction Scope
SKILL.md explicitly instructs the agent to check for a local vector model and to 'promptly' or 'proactively' execute an installation script (bash scripts/install-vector-model.sh). That gives the agent authority to run shell installs, install Python packages, download models, and start the optional Python vector service. The instructions also expect reading/writing workspace files (memory/palace/*) and updating timestamps — all coherent for the purpose, but broader than a pure read-only helper and potentially risky if run without review.
Install Mechanism
There is no declared install spec, but the package includes scripts that install Python deps and download a model. AGENTS.md notes 'npm install runs scripts/check-vector-deps.cjs which prompts to install Python packages' and there is an install-vector-model.sh and vector-service.py that will fetch model artifacts (likely from HuggingFace/BAAI). Downloads and postinstall steps executed by the agent or during npm install can write files and run arbitrary code — moderate risk and should be reviewed before execution.
Credentials
Registry metadata lists no required environment variables or credentials, yet the documentation and AGENTS.md reference HF_ENDPOINT, Python/pip, and integration with OpenClaw's MemoryIndexManager/LLM clients. The skill's SubagentClient/LLM integration will perform network calls and may rely on host LLM credentials or OpenClaw context not declared by the skill. Requesting no credentials while expecting networked LLM/vector operations is a proportionality mismatch.
Persistence & Privilege
always:false (not forced into every run) is appropriate. However the skill can be invoked autonomously (disable-model-invocation:false) and its instructions encourage running installers and starting background services (python scripts/vector-service.py &). Combined with the ability to modify the workspace and run postinstall scripts, this increases the blast radius if the skill is allowed autonomous actions — review and limit automatic execution where possible.
What to consider before installing
What to consider before installing or enabling this skill:
- Review the install scripts (scripts/install-vector-model.sh, scripts/check-vector-deps.cjs, scripts/vector-service.py) before running; they will install Python packages and download a ~100MB model. Run them manually in a safe environment (container or VM) first.
- The skill expects Python and pip and may use HF_ENDPOINT. Although the registry lists no required env vars, the code and docs rely on them — set or sandbox any endpoints and credentials deliberately.
- The SKILL.md tells the agent it may 'proactively' run installers; avoid granting broad autonomous execution rights if you don't trust the source. Prefer to invoke the skill manually the first time and monitor what it executes.
- The skill stores memories as Markdown under {workspace}/memory/palace/ and will read/write those files; do not point workspaceDir at locations containing secrets or credentials.
- If you want to use vector search, run the vector service and model download yourself in an isolated environment rather than letting the skill run them automatically.
If you are not comfortable auditing the scripts or running them in isolation, treat this package as untrusted and do not enable autonomous invocation.
scripts/check-vector-deps.cjs:30
Shell command execution detected (child_process).
src/background/vector-search.ts:128
Shell command execution detected (child_process).
tests/cli.test.js:27
Shell command execution detected (child_process).
src/background/vector-search.ts:123
Environment variable access combined with network send.
src/llm/subagent-client.ts:92
Environment variable access combined with network send.
src/llm/subagent-client.ts:103
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Like a lobster shell, security has layers — review code before you run it.
