Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Anima Aios

v6.3.0

An AI Agent cognitive growth system built on the native OpenClaw architecture. It provides agents with persistent memory management, visual intimacy progress...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name and description (persistent memory, knowledge palace, team ranking) align with the files and functions present: the code reads and writes OpenClaw memory, maintains Anima 'facts', and computes cognitive profiles and team rankings. Requesting no external credentials is consistent with this. However, team ranking and multi-agent scanning are built-in features of the code (it reads other agents' cognitive_profile.json under facts_base), so the 'low-intrusion' claim depends entirely on configuration flags.
! Instruction Scope
SKILL.md and SECURITY.md say team scanning and memory_watcher are disabled or optional by default, but core code paths call TeamScanner and perform auto-scans when generating profiles (generate_profile with auto_scan=True triggers TeamScanner.scan_active_agents()). There are also explicit reads of other agents' files (cognitive_profile.json, facts directories) and auto-import behavior (it scans .learnings/). The runtime instructions and code therefore permit reading other agents' local data; access is not limited to the current agent unless the config flags are respected everywhere, which the shown code does not consistently enforce.
Install Mechanism
No external downloads in the manifest and no installer spec; dependencies are limited (watchdog is optional). That reduces supply-chain risk. However, a post-install.sh file is included; its content should be inspected because it can add cron tasks or modify configs. The presence of multiple helper scripts (sync-memory.sh, refresh-quests.sh) indicates the package intends to run background or scheduled tasks; check the post-install actions before running it.
Credentials
The skill requests no secrets and only optional env vars (ANIMA_FACTS_BASE, ANIMA_WORKSPACE, ANIMA_AGENT_NAME), which fit its stated aims. Still, it reads and writes paths outside a single agent's workspace (the default facts_base /home/画像, a shared directory, and other agents' cognitive_profile.json). Those filesystem accesses are appropriate for the team-ranking features but are privacy-sensitive and should be explicitly enabled by the user.
! Persistence & Privilege
always:false (good), but the package includes scripts and a post-install.sh that may create persistent behavior (a watchdog-based memory_watcher, cron-based daily evolution, scheduled team ranking). Even if these are disabled by default in config, the scripts could enable background tasks during installation. The skill writes under ~/.anima and the facts_base (default /home/画像), which creates persistent local state.
What to consider before installing
This package appears to implement the features it advertises, but it performs local filesystem scanning across agents and can create background/scheduled tasks. Before installing:
- Inspect post-install.sh and any scripts (sync-memory.sh, refresh-quests.sh) to see whether they modify cron or autostart entries.
- Install and test in a sandbox: set ANIMA_FACTS_BASE to a temporary directory (export ANIMA_FACTS_BASE=/tmp/anima-test) so it cannot read /home/画像 or other agents.
- Keep team_mode and memory_watcher disabled unless you explicitly want multi-agent scanning; verify TeamScanner honors team_mode by reviewing its code.
- If you run it in a shared/multi-agent environment, review and back up other agents' data first.
- If you want stronger assurance, run the included tests (python3 tests/test_integration_v6.py) and manually review any code paths that access the network or spawn background processes before granting it persistent installation.
