Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Memory Treasure
v4.3.1
Complete memory management tool to activate, organize, and back up your AI’s memory folder; must be paired with memory-key for full function.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The description claims it "must be paired with memory-key for full function," yet the registry metadata/manifest declare no required credentials or primaryEnv. The SKILL.md expects the agent to activate, load, and back up a local memory folder — that purpose would legitimately require access to specific file paths and possibly a key, but those accesses/credentials are not declared. Also the included _meta.json and registry metadata disagree on owner/version, which is an integrity/incoherence signal.
Instruction Scope
The runtime instructions tell the agent to automatically load 'hot' memory on every startup, archive conversation logs hourly via cron, and perform backups on command — all of which imply the agent will read and write local memory directories (including an '重要文件' folder that explicitly mentions 'Keys'). The SKILL.md does not declare or restrict which file system paths are allowed, nor does it provide safe-handling rules for secrets. It also prescribes behaviors (cron jobs, automatic hourly archiving) without providing an install mechanism to create those jobs.
Install Mechanism
This is instruction-only (no install spec, no code files), which minimizes supply-chain risk. However, the instructions describe persistent runtime behaviors (hourly cron, automatic startup loading, creating archives) that cannot be enforced or implemented automatically by an instruction-only skill without additional installation steps — a mismatch between what the doc expects and what the platform will actually do.
Credentials
The skill requests no environment variables or credentials but references storing and loading sensitive content and even an '重要文件' folder labeled with 'Keys'. The absence of declared credentials or config paths conflicts with the stated need to be "paired with memory-key" and with the access implied by the instructions. This under-declaration increases risk of undeclared secret access or accidental exposure.
Persistence & Privilege
The skill is not marked always:true and does not request elevated platform privileges. However, it mandates '每次启动必须加载' (must load on every startup) and aims to auto-load hot memory each startup — this gives it persistent runtime impact if the agent or platform autonomously follows the instructions. Autonomous invocation is platform-default; combined with the other concerns (undeclared keys and file access), that raises risk.
What to consider before installing
This skill's goal (organize and back up an AI 'memory' folder) is plausible, but several inconsistencies merit caution:
1) The description says it needs a "memory-key" but no credential or env var is declared — ask the author how that key is supplied and why it was omitted.
2) The instructions tell the agent to load files every startup and to archive raw conversation logs and an 'Important files' folder that explicitly mentions 'Keys' — verify exactly which filesystem paths the skill will read/write and confirm sensitive files (API keys, system secrets) will be excluded or encrypted.
3) The SKILL.md expects cron jobs and automated backups but there is no install spec to create those jobs; ask how scheduled archiving and backups are implemented and whether you must opt in.
4) The manifest metadata (owner/version) mismatches the registry listing — request clarification or a signed/consistent manifest.
Recommend: do not install or grant filesystem access until the author clarifies how the memory-key is provided, which paths are accessed, whether secrets are excluded/encrypted, and how scheduling/backups are implemented. If you proceed, limit the skill to a dedicated memory directory (not system or home dirs with keys), audit the files it will read/write, and prefer an explicit credential-binding mechanism rather than implicit or undocumented access.
Like a lobster shell, security has layers — review code before you run it.
