ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

lethe

v1.0.1

Lethe — persistent memory layer for AI agents. Handles startup orientation, active memory queries, proactive recall, decision recording, and flag management....

0· 65·0 current·0 all-time
by@mentholmike
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the instructions: the skill expects a local Lethe server (HTTP API) and uses curl/jq to query it, and optionally Docker to run the server image. However, the SKILL.md asserts the plugin is the agent's primary memory and references a Docker image (ghcr.io/openlethe/lethe) without providing any install/run steps or provenance; source/homepage are unknown. Requiring curl/jq (and Docker) is consistent, but lack of deployment instructions and absence of author provenance is surprising for a primary-memory skill.
!
Instruction Scope
The runtime instructions instruct the agent to call localhost:18483 API endpoints and to always run a startup sequence 'first, always'. The instructions reference an environment variable SESSION_KEY (and a local CLI ~./openclaw/skills/.../lethe-log) that are not declared in the skill metadata. The SKILL.md gives explicit endpoints and search/record workflows — that’s expected — but it also requires the agent to perform these local network calls on every new session and to surface unresolved flags, which expands the agent's operational scope without the metadata declaring the needed env var or how the server is installed/managed.
Install Mechanism
No install spec is provided (instruction-only), which is low-risk in general. The SKILL.md refers to running a Lethe server container (ghcr.io/openlethe/lethe) and states Docker is required — but it does not provide a controlled install script or steps. Pulling/ running that container would be an external action the user must perform; the lack of an official install method or provenance increases risk because the skill expects a server that the platform does not automatically provide.
!
Credentials
The instructions depend on a SESSION_KEY value injected at runtime and mention LETHE_API for future SaaS mode, yet requires.env is empty and no primaryEnv is declared. The agent will be instructed to use SESSION_KEY extensively (including session-summary and event queries) but the skill metadata does not declare it. That undeclared credential coupling is an inconsistency that should be resolved before trusting the skill.
Persistence & Privilege
The skill is not marked always:true (so it won't be force-included), but SKILL.md repeatedly instructs the agent to 'Run First, Always' at session start. This is a behavioral recommendation rather than a platform-level privilege, but it is a mismatch between guidance and metadata. Autonomous invocation is enabled (platform default); combined with the other concerns this increases the importance of verifying provenance and the SESSION_KEY behavior.
What to consider before installing
This skill appears to be a local-memory adapter that queries a Lethe server on localhost. Before installing or enabling it, verify the following: (1) source and provenance — who published this skill and where is the Lethe server image from? (2) SESSION_KEY handling — confirm how SESSION_KEY is injected, what privileges that key grants, and why the skill did not declare it in its metadata; do not expose secrets until you understand who injects them. (3) server ownership — ensure the Lethe server at localhost:18483 is under your control (or run it yourself from a vetted image) so the skill cannot read other local services. (4) deployment steps — the SKILL.md references a ghcr.io image but provides no run commands; ask the author for explicit, reproducible installation/run instructions. If you cannot verify the origin or SESSION_KEY mechanics, run the skill only in an isolated environment or do not install it. Additional information that would reduce uncertainty: a homepage/repo for the skill and the Lethe server, explicit declaration of required env vars (SESSION_KEY, LETHE_API) in metadata, and an install/run spec that you can review.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b0cvmcm8n0zbtrqrxednagn83rypa

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis
Binscurl, jq
Any bindocker

Comments