ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Grantai Memory

v1.3.0

Persistent memory for OpenClaw agents. Exact recall in milliseconds - your agent remembers everything across sessions.

0· 295·0 current·0 all-time
by@lgrant1234
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (persistent memory) match the declared requirement (grantai-mcp) and the SKILL.md tools (grantai_infer, grantai_teach, grantai_learn, etc.). Requiring a local mcp binary is expected for this integration.
Instruction Scope
SKILL.md limits actions to memory-related operations (store, recall, import directories, capture conversation turns). It also claims '100% local - data never leaves your machine' and AES-256 at rest; however, those guarantees are only as strong as the grantai-mcp binary/Docker image — the instructions do not provide any enforcement or verification steps (e.g., offline mode, no-telemetry flag, or reproducible checksums).
Install Mechanism
There is no install spec in the registry (instruction-only). SKILL.md points to downloads from solonai.com and a Docker image on ghcr.io (both reasonable hosts). Still, installation requires fetching and running third-party binaries/images — moderate risk unless you verify the releases or run in an isolated/containerized environment.
Credentials
The skill declares no environment variables, no credentials, and no config paths. That is proportionate for a local tool that runs as a coprocessor. NOTE: import commands (learn/git import) will access files you point them at — expected for the stated functionality.
Persistence & Privilege
always is false and autonomous invocation is allowed (the platform default). The skill does not request persistent agent-level privileges or changes to other skills. Wiring the tool into OpenClaw config is normal for an MCP-style integration.
Assessment
This skill appears coherent for adding a local persistent-memory coprocessor, but the security/privacy guarantees in the README depend on the upstream binary/image. Before installing: 1) Verify the publisher (solonai.com) and download checksums/signatures if available. 2) If you need to ensure data never leaves your machine, run the binary/image in an isolated container or host with networking disabled and monitor outgoing connections. 3) Review the Docker image and installer release notes or source code if available (or request a reproducible build). 4) Be aware that import commands will read files you point them at (codebases, git history) — avoid importing sensitive directories unless you trust the binary. If you want stronger assurance, obtain the binary from a verifiable release and/or audit it before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk9742zdfkarcf17sn83kcxgeps82v0ds

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis
Binsgrantai-mcp

Comments