Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Memory Plus Sync

v1.0.0

Implements multi-channel message collection and synchronization for Feishu, WeChat, Telegram and other channels, with unified storage in the official SQLite database, and supports real-time monitoring, alerting and automatic recovery.

by Lewis&Eva (@lewistouchtech)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (cross‑channel message collection + SQLite storage + monitoring) matches the code: collector classes (feishu/wechat/telegram/voice), MemoryPlus writing to an OpenClaw SQLite DB, and monitor/daemon logic. However, skill metadata claims a Python entry/venv and dependencies (watchdog) in skill.yaml while no install spec is provided by the registry; that inconsistency may lead to unclear install behavior. Source/homepage are unknown which reduces provenance.
Instruction Scope
Runtime instructions and code read many local paths (~/.openclaw/workspace/chat_history, ~/.openclaw/workspace/wechat_messages, ~/.openclaw/workspace/telegram_messages, ~/.openclaw/voice, and the OpenClaw memory DB at ~/.openclaw/memory/main.sqlite) and will ingest and persist chat contents and voice logs into a local SQLite DB and logs. This is consistent with the stated purpose but constitutes broad access to potentially sensitive local conversations — the SKILL.md and code both enable automatic/cron execution and integration into the main loop, increasing the chance of collecting data without explicit per‑message consent.
Install Mechanism
No install spec is present in the registry payload (instruction-only), yet skill.yaml declares an entry script, a venv path (~/.openclaw/workspace/venvs/memory-plus) and dependencies (watchdog, sqlite3). That mismatch means the runtime platform may not automatically install required packages or create the venv; the skill expects a Python runtime and local virtualenv but gives no explicit install/download source. The README references a GitHub repo and ClawHub commands, but source is 'unknown' in registry — provenance and installation steps are unclear.
Credentials
The skill does not request environment variables or external credentials. It does access local OpenClaw configuration and specific filesystem paths under the user's home directory; these accesses are consistent with the purpose (synchronizing local exported chat history and the OpenClaw memory DB) but constitute sensitive data access (no external tokens are required).
Persistence & Privilege
always:false (normal). The skill will write to the user's OpenClaw workspace and memory DB, create backup copies, and write alert/stats/monitor logs under ~/.openclaw/workspace/logs — that is expected for this functionality. However, because the skill can be invoked autonomously (platform default) and it automatically reads/ingests local chat logs, its blast radius is higher: an autonomously-invoked skill that scans and writes local conversations can exfiltrate or centralize sensitive content if it were modified to do so. No code in the package performs network exfiltration, but provenance is unknown.
Scan Findings in Context
[pre-scan-injection] expected: No pre-scan injection signals detected. Given the skill operates on local files and DBs, absence of such flags is not evidence of safety; still, no obvious obfuscated or network-exfil patterns were found in provided source.
What to consider before installing
Key points to consider before installing:
- Provenance: the registry entry has no homepage and source is unknown. Prefer code from a verifiable repository or a trusted publisher. The README references a GitHub repo and an author email; verify that repository and author before trusting the package.
- Local data access: this skill intentionally reads local chat exports (feishu/wechat/telegram) and voice logs and writes them into ~/.openclaw/memory/main.sqlite and logs under ~/.openclaw/workspace/logs. If you have private or regulated data in your chats, do not enable it without auditing and consent.
- Installation ambiguity: skill.yaml lists a venv and dependencies but the registry provides no install spec. If you install, run the code in an isolated environment (create the venv yourself, inspect requirements, run tests) rather than using an automatic 'enable' flow.
- Review code: the source appears to contain no network exfiltration (no HTTP/post sockets), but you should still audit the code (collector.py, memory_plus.py, monitor.py) for any changes before granting it persistent or autonomous use.
- Least privilege: run first in a sandbox or on a non-sensitive account. Limit filesystem permissions for the process (e.g., run in a container or with a dedicated user) and verify the file paths the skill will touch. Consider disabling autonomous invocation until you are comfortable with its behavior.
- Operational: if you decide to proceed, ensure backups of your memory DB, and adjust the configuration to include only the channels you want synced. Consider removing/stubbing the automatic collectors for channels you do not use (wechat/telegram) or adding explicit per-channel opt-in.
