ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Local Memory

v1.0.0

本地向量记忆工具,替代内置 memory 工具。使用 ChromaDB + BGE-small-zh 实现完全离线的语义记忆存储和检索。使用场景:(1) 存储重要信息到长期记忆,(2) 语义搜索历史记忆,(3) 删除特定记忆。触发词:记住、记忆、recall、memory、forget。

0· 333·3 current·3 all-time
by@liangmu-git2
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill's name/description promise a '完全离线' (fully offline) memory tool, but the provided scripts and SKILL.md require network activity: pip installs and a model download. That initial download can be legitimate, but the scripts also force HF_ENDPOINT to https://hf-mirror.com instead of the standard Hugging Face endpoints, which is unexpected and not justified by the documentation.
Instruction Scope
Runtime instructions and the Python scripts operate only on the skill's data/ directory and print JSON; they do not read unrelated system files or request external credentials. However, the scripts and setup perform network operations (pip installs and model download via SentenceTransformer), so the agent will contact external servers at runtime.
Install Mechanism
There is no registry 'install' spec, but scripts/setup.py uses pip to install torch, chromadb, sentence-transformers and to pre-download the model. Using pip is common but downloads arbitrary packages from PyPI (no version pins), which is a moderate risk. The model pre-download step relies on SentenceTransformer to fetch the model from the network.
!
Credentials
The skill declares no required env vars, yet each script sets HF_ENDPOINT to https://hf-mirror.com and overrides REQUESTS_CA_BUNDLE/SSL_CERT_FILE to certifi. Overriding cert bundle is benign; overriding HF_ENDPOINT to an unexplained mirror is disproportionate and potentially risky because it redirects model/package retrieval to a third-party endpoint not documented in SKILL.md.
Persistence & Privilege
The skill does not request 'always: true' or any elevated platform privileges and only creates/uses a local data/ directory within the skill. It does not modify other skills or system-wide agent settings.
What to consider before installing
This skill appears to implement a local semantic memory using ChromaDB and a Chinese BGE model, and the scripts act only on a local data/ folder. However, before installing or running it: (1) inspect or ask about the HF mirror (https://hf-mirror.com) — the scripts force model downloads from that endpoint instead of the usual Hugging Face hosts; an untrusted mirror could supply tampered models. (2) Run setup in an isolated environment (virtualenv / container) because it runs pip installs (no version pins) and downloads models. (3) If you truly require offline operation, skip running setup and supply the model files locally and remove or override the HF_ENDPOINT lines in the scripts. (4) Prefer pinning package versions or reviewing pip install outputs. If you cannot validate the mirror or are uncomfortable with remote downloads, treat this as risky and do not run setup on sensitive machines.

Like a lobster shell, security has layers — review code before you run it.

latestvk972pj4987wqm6f45dwbnr9mrd82thz4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments