Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Elite Longterm Memory

v1.1.0

Local vector memory system with LanceDB + Pure JS embedding. No native modules or external APIs required.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The name and description advertise 'no native modules or external APIs required' and 'pure local', but the code and README/SKILL.md instruct users to run Ollama, pull nomic-embed-text, and run npm install. The package-lock lists @lancedb/lancedb and apache-arrow (optional native binaries). The ONNX embedder downloads model files over the network using curl. These requirements contradict the 'no external APIs/native modules' claim.
Instruction Scope
Runtime instructions and plugin code read/write many workspace files (SESSION-STATE.md, MEMORY.md, memory/*), which is expected for a memory plugin. However, the SKILL.md and code also direct network operations (ollama endpoints, model pulls) and reference environment variables (OLLAMA_URL, EMBEDDING_MODEL, OLLAMA_HOST) that are not declared in metadata. The plugin auto-injects memory content via a before_agent_start hook — expected for a memory tool, but it means prompts are used as search queries automatically (privacy/behavior implication).
Install Mechanism
The skill lists no install spec, yet contains package.json and package-lock.json and explicitly tells users to run npm install. The ONNX embedding component uses execSync to run curl against a third-party mirror (hf-mirror.com) to download model files — a high-risk download mechanism. The presence of optional native binaries in the lockfile (@lancedb platform-specific packages, apache-arrow) contradicts the 'no native modules' promise.
Credentials
Skill metadata declares no required environment variables, but the code relies on OLLAMA_URL / EMBEDDING_MODEL, and the Kimi embedding module will require KIMI_API_KEY (it throws if not present). KimiEmbedding also uses axios at an absolute path (/usr/lib/node_modules/openclaw/node_modules/axios), which is an unexpected reference to the host filesystem. These undeclared env/credential requirements and the absolute-path dependency are disproportionate and puzzling.
Persistence & Privilege
always:false (normal). The plugin registers tools and a before_agent_start handler that can autonomously inject memory into prompts — this is expected for a memory plugin and increases its operational reach, but by itself is not a misconfiguration. No evidence the skill modifies other skills or global agent config beyond normal plugin registration.
What to consider before installing
This skill contains multiple inconsistencies you should understand before installing:

- The README/SKILL.md claim 'no native modules or external APIs', but the code requires or optionally uses: a local Ollama server (network), npm packages (including platform-specific optional native binaries), and an ONNX model downloaded via curl from a third-party mirror. If you need strictly offline/pure-JS behavior, this skill does not guarantee that.
- KimiEmbedding references an absolute axios path (/usr/lib/node_modules/openclaw/node_modules/axios) and will attempt to call an external API if configured (KIMI_API_KEY). That absolute require is fragile and suspicious — it assumes host filesystem layout and could fail or be abused.
- The ONNX embedding code performs network downloads with execSync/curl. Downloads from arbitrary URLs can supply malicious binaries or model files; inspect the download target and prefer official release hosts.
- The plugin will write files into whatever directory you run it from (SESSION-STATE.md, memory/). Run initialization in an isolated or empty directory to avoid accidental overwrites of important files.
- The plugin auto-injects memories into agent prompts (before_agent_start). If you enable it, be aware that stored memories will be automatically surfaced to agents; disable autoRecall/autoCapture in config if you want tighter control.

Recommendations before installing:

1. Review package.json/package-lock and the code paths that call curl/execSync and the KimiEmbedding implementation. Ask the author why the absolute axios path is used.
2. Run npm install and initial tests in a sandboxed folder or container, not your primary home/work folder.
3. If you want truly offline/no-native behavior, prefer using only the purejs/simple embedding components and avoid running the ONNX or Ollama instructions.
4. If you plan to allow network downloads or run Ollama, verify the model sources are trusted and consider pinning checksums.
5. If you are uncomfortable with the undeclared env usage (KIMI_API_KEY, OLLAMA_*), do not enable the plugin globally; keep it user-invocable and disable autoRecall.

Given these contradictions and the presence of networked downloads and absolute-path references, treat this skill as suspicious until the author clarifies the intended execution model and removes or documents external/network/native requirements.




Runtime requirements

🧠 Clawdis
