ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Memory Compress

v1.2.1

Never let your agent forget what matters. Compress verbose daily logs into structured summaries — 4-8x compression, zero information loss. Inspired by classi...

0· 290·0 current·0 all-time
by翎麟@linglin6
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description promise a markdown-based log compressor; the included Node script implements that functionality with keyword and fallback extraction. The capabilities (parsing headers, producing a compressed markdown summary) match the stated purpose.
!
Instruction Scope
SKILL.md shows CLI examples that imply paths are relative to your current repo/workdir (e.g., node scripts/... memory/2026-03-14.md). The script, however, resolves the input path relative to a WORKSPACE directory (OPENCLAW_WORKSPACE or ${HOME}/.opencl/workspace) which is not called out in the SKILL.md. This difference could cause the script to read files outside the user’s expected working directory (e.g., a global workspace), so the agent running it may access unexpected files.
Install Mechanism
No install spec, no external downloads or dependencies. The skill is instruction-only plus a local JS script; that is low-risk from an install-mechanism perspective.
!
Credentials
Registry metadata declares no required env vars or credentials, but the script reads OPENCLAW_WORKSPACE and falls back to HOME. Those env vars are non-secret, but the SKILL.md does not document them. The script can therefore resolve and read files from a location the user did not explicitly supply.
Persistence & Privilege
always is false and the skill does not request persistent system-wide changes. It writes to the output path provided (or /tmp by default) and may create directories, which is normal CLI behavior.
What to consider before installing
This skill appears to implement the advertised compression logic and does not contact networks or request credentials. However, the script resolves input file paths against OPENCLAW_WORKSPACE (defaulting to ~/.opencl/workspace) rather than the current working directory — a behavior not documented in SKILL.md. Before installing/using: 1) inspect the script (done) and confirm the workspace path is acceptable; 2) run it first on a non-sensitive test file and pass explicit absolute paths for input and output to avoid accidental reads of other files; 3) if you prefer behavior tied to the current directory, modify the script to resolve relative to process.cwd() or set OPENCLAW_WORKSPACE explicitly; 4) avoid running it directly on production or sensitive memory until you’re comfortable with its file access and output locations.

Like a lobster shell, security has layers — review code before you run it.

latestvk979sjchhxgvqqfbd87bajfk1582wga6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments