ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Mem Plus

v1.6.1

基于身份优先和中文Bigram增强,提供个人AI助手的第一性原则精确召回,默认关闭多样性MMR以确保确定性。

0· 73·0 current·0 all-time
by@mars82311111
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (identity-first personal recall with Chinese bigram boost) matches the code's retrieval, boosting, and reranking logic. However, the skill hardcodes user-specific paths (/Users/mars/...), inserts a site-packages path, and references other scripts/files (e.g., super_mem_cli.py) that are not present in the bundle — these are developer-environment artifacts that reduce portability and suggest the package was packaged from a single user's machine rather than designed for general use.
!
Instruction Scope
SKILL.md and the scripts instruct the agent to read local databases and filesystem paths (e.g., ~/.mempalace/palace/, ~/.super-mem/chroma/, ~/.openclaw/workspace) and will inject file contents (up to large sizes) into results. The reranker also strips OpenClaw metadata patterns (message_id, [user:..], conversation blocks), which removes provenance and could hide origin metadata before data is sent to models or external services. Filename-based direct injection elevates full file contents to rank 1 for certain queries, which could unexpectedly expose sensitive local files. These actions are consistent with a personal recall tool but are high-impact and should be reviewed if you have sensitive files in those locations.
Install Mechanism
No installation steps or external downloads are declared; the skill is instruction + bundled Python scripts only. That lowers supply-chain risk compared to remote downloads. However, the scripts rely on external local binaries/services (mempalace CLI at a hardcoded path and a local Ollama embeddings endpoint), so the runtime requires locally installed components.
Credentials
The skill declares no required environment variables or credentials (good), but it nonetheless accesses local resources: mempalace CLI, a local Ollama HTTP endpoint at localhost:11434, a ChromaDB path, and the user's workspace and mempalace directories. Access to local files and DBs is proportional to a memory-recall skill, but because no explicit consent/credential gating is declared in metadata, users should be aware these filesystem and local-service accesses will occur when invoked.
Persistence & Privilege
The skill is not marked always:true and does not declare any behavior that modifies other skills or system-wide agent settings. It runs as a user-invoked tool and does not request elevated or persistent platform privileges.
What to consider before installing
This skill appears to implement what it claims (identity-first personal memory recall), but exercise caution before installing or running it. Key points to consider: - The code reads local databases and arbitrary files under ~/.openclaw/workspace and mempalace folders and can inject full file contents into agent context — remove or secure any sensitive files in those locations first. - The package contains hardcoded user-specific paths (/Users/mars/..., inserted site-packages path). Verify and edit these paths to match your environment before running; otherwise the skill may fail or behave unexpectedly. - The reranker strips message/conversation metadata (message_id, [user:...], code fences), which may remove provenance — confirm you are comfortable with that sanitization. - The scripts call a local Ollama embeddings HTTP endpoint and the mempalace CLI; ensure those local services are trusted and properly configured. - Because the bundle was clearly packaged from a developer machine and references missing files (e.g., super_mem_cli.py) and platform-specific paths, prefer to review the full source (especially any credential-filtering code not shown) and run in a sandbox or test account first. If you want to proceed: review and edit hardcoded paths, audit any credential-filtering and injection code, and run the scripts in a controlled environment before granting the skill access to your real workspace or memory DBs.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d1nbvrkz6ty60hmdke05v6h84fn0g

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments