ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Memory Enterprise

v0.1.0

Enterprise-grade 5-layer agent memory system with routing, scoring, and multi-backend storage. Use when building production AI agents that need persistent me...

0· 79·1 current·1 all-time
bylaojun@laojun509
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name, description, SKILL.md examples, and the included code implement a 5-layer memory system that legitimately requires Redis, PostgreSQL, and ChromaDB configuration. That capability matches the stated purpose. However, the registry metadata lists no required environment variables or primary credential even though the code supports/reads AGENT_MEM_REDIS_URL, AGENT_MEM_POSTGRESQL_URL, AGENT_MEM_CHROMA_PERSIST_DIRECTORY, and similar overrides — a mismatch between declared requirements and actual needs.
!
Instruction Scope
SKILL.md only shows typical usage and an install hint (pip install -e .) and does not warn that the package will load .env or expect DB connection strings. The code calls dotenv.load_dotenv() and reads environment variables for backend URLs; that means the skill can pick up sensitive credentials from the environment or a .env file without the SKILL metadata declaring those secrets or warning the user.
Install Mechanism
There is no registry install spec, but SKILL.md instructs pip install -e . and the package includes a pyproject and ~50 source files. This is an instruction-only registry entry with embedded code — installing will execute user-supplied code locally. No remote/external download URLs or obfuscated installers were found in the provided files, which lowers supply-chain risk, but the absence of a registry install spec is an inconsistency worth noting.
!
Credentials
The skill requires backend connection strings (Redis, PostgreSQL, Chroma) to be useful, yet requires.env is empty and primary credential is none. The code reads environment variables (AGENT_MEM_REDIS_URL, AGENT_MEM_POSTGRESQL_URL, AGENT_MEM_CHROMA_PERSIST_DIRECTORY) and will load a .env file via dotenv.load_dotenv(). That means the skill may access secrets present in the environment or a .env file even though the registry did not declare any required credentials — disproportionate lack of disclosure.
Persistence & Privilege
The skill is not marked always:true and does not request system-wide configuration changes in the provided code. It does not appear to modify other skills' configurations. It will, however, attempt to connect to external services (databases, vector DB) when used — expected for its purpose.
Scan Findings in Context
[pre-scan-none] expected: No automated regex-based injection findings were reported. The use of database clients, dotenv, and networked backends is expected for a memory system and is present in the code.
What to consider before installing
This package appears to implement the memory system it advertises, but it silently reads environment variables and a .env file for backend credentials (Redis, PostgreSQL, ChromaDB) even though the registry entry declares no required credentials. Before installing or running: 1) Inspect the storage client files (postgres_client.py, redis_client.py, chroma_client.py) to confirm they only connect to your configured backends and don't call unexpected endpoints. 2) Do not install into an environment that contains production .env secrets or global DB credentials — use an isolated virtualenv or container and test with throwaway databases. 3) Consider whether you want to grant the skill network access to your databases; if not, run it in a sandbox. 4) Because the skill author and homepage are unknown, prefer to audit the source or get the package from a trusted source before giving it real credentials. If you want, I can scan the storage client files (postgres_client.py, redis_client.py, chroma_client.py) and pyproject.toml for any hardcoded hosts or unexpected behavior — that would raise or lower my confidence.

Like a lobster shell, security has layers — review code before you run it.

agentvk97e1rst21hqqsnent4zzee9dn84g93baivk97e1rst21hqqsnent4zzee9dn84g93bdatabasevk97e1rst21hqqsnent4zzee9dn84g93benterprisevk97e1rst21hqqsnent4zzee9dn84g93blatestvk97e1rst21hqqsnent4zzee9dn84g93bmemoryvk97e1rst21hqqsnent4zzee9dn84g93b

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments