Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
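Vector Memory Self-Evolution System
v2.1.1 Vector Memory Self-Evolution System - Combines the BGE embedding model, the Chroma vector database, and a four-layer memory architecture to provide self-evolving capabilities: automatic error capture, learning from user corrections, accumulation of best practices, and semantic retrieval.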
by vector-memory-self-evolution@lxbl79
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (BGE embeddings + Chroma vector DB + memory lifecycle) match the included code (vectorize_memories.py, memory_api.py, search scripts) and there are no declared external credentials; this is coherent with a local memory/indexing tool. However, SKILL.md references setup scripts and other helper scripts (setup_memory_system.sh, start_bge_service.sh, code_security_scan.py) that are not present in the file manifest or repository listing, which is an inconsistency.
Instruction Scope
Runtime instructions focus on local files, cron jobs, and a local BGE service at http://localhost:11434 — which matches code that posts embeddings to localhost. But SKILL.md also instructs running scripts that are missing from the bundle and refers to functions/scripts (e.g., a memory_api.log used by redact_tool.log_redacted) that do not exist in the provided code. These gaps mean the delivered instructions may cause runtime errors or leave promises (like code security scan / automatic setup) unfulfilled.
Install Mechanism
No install spec (instruction-only) so nothing is downloaded from remote sources by an installer. Code files are included in the skill package and would be placed on disk when the skill is installed — expected for a code-containing skill. No third-party remote download URLs are present in the provided sources (the only network call is to localhost).
Credentials
The skill declares no required environment variables or external credentials, and the code operates on local workspace paths and a local embedding service. Redaction rules reference AWS-style keys and tokens (to redact them if encountered) but the skill does not request those credentials; this is proportionate. Note: because the skill writes and reads user workspace files, it can process any local content placed into its memory directories.
Persistence & Privilege
always:false and no modifications to other skills are requested. The skill expects to create and manage files under ~/.openclaw/workspace (memory, archive, vector_db) and suggests cron entries — these are standard for a local service but constitute persistent data storage. Nothing indicates it gains elevated system privileges.
What to consider before installing
This skill appears to implement a local vector-memory system (BGE embedding service + Chroma DB) and mostly restricts activity to your home workspace and localhost. Before installing or enabling auto-capture:
1) Verify the missing files and functions: SKILL.md references setup_memory_system.sh, start_bge_service.sh, and scripts/code_security_scan.py that are not in the package, and redact_tool calls memory_api.log which does not exist — these will cause runtime errors and may leave redaction/scanning nonfunctional.
2) Confirm the origin of the BGE embedding service you will run on localhost (who provides it, and whether it sends data externally).
3) Inspect and test the code in a sandbox or VM (especially vectorize_memories.py which will POST memory text to the embedding service) before enabling cron/auto-capture.
4) Because the skill will read and write files under ~/.openclaw/workspace and could store extracted content, avoid feeding it sensitive secrets until you confirm redaction actually works.
5) If you want to proceed, request the missing scripts or a corrected release (fix the memory_api.log reference and supply the setup/start/scan scripts) or run the bundled scripts manually after review.
Like a lobster shell, security has layers — review code before you run it.
