ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Evomemory Core

v1.0.0

Full-stack evolutionary local memory system with dual backends, hybrid RAG retrieval, semantic deduplication, auto-classification, GPU acceleration, and 100%...

0· 53·0 current·0 all-time
by@lulan3954-a11y
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md emphasizes '100% offline' operation and zero-third-party APIs, but chromadb_plugin.py explicitly supports a cloud HttpClient mode (host/port + api_key) which would send data to a remote ChromaDB endpoint. The plugin also defaults to a BGE-M3 SentenceTransformer model which, in typical installs, will download weights from external model hubs unless pre-provisioned — contradicting the offline claim. GPU/cuda defaults are enabled by default in the factory, which is reasonable for performance but may be unexpected for a 'zero configuration' installer.
Instruction Scope
SKILL.md runtime instructions are limited (run install.sh, run migrate, use evomemory commands). The installer and migration script operate on ~/.openclaw (copying plugin files, creating config) and the migration tool inserts ~/.openclaw on sys.path and imports core.vector_store.lancedb_store — this accesses local OpenClaw internals and user data stores. The instructions do not explicitly tell the user about network-capable modes or model downloads.
Install Mechanism
No remote arbitrary binary download; installer uses pip3 to install chromadb and sentence-transformers (moderate risk because packages will be fetched from PyPI and may pull model artifacts). install.sh copies files into ~/.openclaw/extensions and writes config files. Minor inconsistency: SKILL.md lists lancedb and jieba as dependencies but install.sh only pip-installs chromadb, sentence-transformers, and pyyaml (jieba and lancedb are not installed). install.sh also tries to 'cp -r docs' though a 'docs' entry isn't present in the manifest, indicating a sloppy installer that may fail or behave unexpectedly.
Credentials
The skill declares no required environment variables or credentials (good), but the code accepts an api_key and host/port for cloud mode. The presence of parameters that enable remote connectivity (api_key, host, port) without any mention in SKILL.md of when those would be used is an informational mismatch: the skill can be local but also configured to send data externally if the user provides credentials—this should be made explicit.
Persistence & Privilege
The skill does persist files into the user's OpenClaw directories (~/.openclaw/extensions and ~/.openclaw/config), which is expected for an OpenClaw plugin. always:false and default autonomous invocation are unchanged. No attempt to modify other skills' configs or set global system-wide changes beyond writing its own extension/config files was observed.
What to consider before installing
This package implements a local ChromaDB plugin but contains several inconsistencies you should consider before installing: - Offline claim vs network capability: The code supports connecting to a remote ChromaDB (host/port + api_key). If you configure those, your data could be sent to a remote server. The skill's README/description should clearly state this possibility — it currently emphasizes '100% offline', which is misleading. - Model downloads: sentence-transformers (BGE-M3 default) typically downloads large model weights from external model hubs unless you pre-download them. Expect network activity on first use unless you provision models offline. - Installer behaviour: install.sh runs pip3 (system-wide by default), copies files into ~/.openclaw, and writes a config. It does not pip-install all dependencies listed in SKILL.md (lancedb, jieba are missing), and it tries to copy a docs/ directory that may not exist. Run the installer in a controlled environment (virtualenv or container), inspect install.sh, and fix the dependency list before running it. - Migration script access: migrate_lancedb.py inserts ~/.openclaw on sys.path and imports internal OpenClaw modules (core.vector_store.lancedb_store). That will access your existing local OpenClaw internals and data. Back up your OpenClaw data and review the migration script carefully before running it. Recommendations: - Review the code yourself (especially chromadb_plugin.py and install.sh) or have someone you trust do so. - Run the installer in a disposable VM or container, or at least in a Python virtualenv, and inspect network activity on first run. - If you need guaranteed offline operation, confirm how models are provisioned and change default model settings to point to locally-hosted artifacts before use. - Consider pinning package versions and adding missing dependencies (jieba, lancedb) explicitly to the install step, or install packages manually. Given these mismatches (misleading offline claim, missing dependency installs, and potential for remote connectivity if configured), I rate this skill as 'suspicious' rather than 'benign'. If you can validate and correct the items above, the code otherwise appears to implement the stated functionality.

Like a lobster shell, security has layers — review code before you run it.

latestvk978bzj47fpmfgx0st7jp22a9184cedv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments