Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description (weekly reports, search, permanent mark) match the shipped Python script which reads ~/.openclaw/workspace/MEMORY.md, builds reports, and writes under ~/.openclaw/workspace/memory-tree/data. However docs/README/SECURITY.md mention semantic backends (Ollama / cloud fallbacks) and 'zero-config' automatic behavior while the v2.0 script header states Ollama/cloud embedding was removed. This mismatch between docs and code is confusing and unexpected.
Instruction Scope
SKILL.md instructs running the included script for weekly/search/mark. The code reads and writes files under the user's OpenClaw workspace (~/.openclaw/... ) and reads openclaw.json to detect 'enabled channels' — behavior that is coherent for pushing reports to configured channels but expands scope beyond just local indexing/search. SECURITY.md states a 'setup' command will create cron jobs for daily/weekly tasks; that means the skill can persist scheduled actions on the user's account if the user runs setup. The SKILL.md itself does not make the cron/setup step explicit, which is scope-creep and a usability/safety concern.
Install Mechanism
This is an instruction-only skill with a single Python script and no install spec — nothing is downloaded or installed automatically by the skill bundle itself. That lowers install-time risk.
Credentials
The skill declares no required env vars or credentials. SECURITY.md (included) warns older versions or configurations may send content to cloud embedding APIs if ZHIPU_API_KEY or OPENAI_API_KEY are present. The current v2.0 script text shown does not reference cloud API keys, but the documentation's mixed messages mean a user should verify the exact code version and ensure no unintended cloud keys are present if they require strict locality.
Persistence & Privilege
The package can create user-level cron jobs (per SECURITY.md) when the 'setup' command is invoked; that grants persistent scheduled execution. While user-level cron is not a system-wide escalation, it is a non-trivial persistent presence and should only be enabled after reviewing the exact setup steps and crontab entries. The skill also reads/writes files under the user's workspace and openclaw.json, which is expected but noteworthy.
What to consider before installing
This skill appears to implement the advertised local weekly-report/search/mark features, but the documentation and security note contain inconsistencies about cloud fallbacks and automatic cron installation. Before installing: 1) Inspect scripts/memory_tree.py yourself (it is included) to confirm there are no network calls or reference to cloud API keys in the shipped version. 2) Check your environment for OPENAI/ZHIPU (or other cloud) API keys if you require strictly local operation — remove/unset them or run the script in an isolated environment. 3) If you don't want persistent scheduling, do not run the 'setup' command (or inspect the exact crontab entries the setup would create). 4) Backup ~/.openclaw/workspace and review openclaw.json (the skill will read it to detect channels). 5) If anything in the README/SECURITY.md doesn't match the actual code you see, treat that as a red flag and ask the author to clarify.Like a lobster shell, security has layers — review code before you run it.
embeddingvk976xskap15fmhyps3vxvcy1c5835aj1latestvk9731zq6rbmna7a46knj2d6ped83k8ycmemoryvk976xskap15fmhyps3vxvcy1c5835aj1ollamavk976xskap15fmhyps3vxvcy1c5835aj1searchvk976xskap15fmhyps3vxvcy1c5835aj1
License
MIT-0
Free to use, modify, and redistribute. No attribution required.