ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

SolCore Memory System

v1.0.0

Provides persistent, scored memory storage, pattern detection, context retrieval, and reflection analysis to enhance AI statefulness and learning in OpenClaw.

0· 53·0 current·0 all-time
by@michaelandsol

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for michaelandsol/solcore-memory.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "SolCore Memory System" (michaelandsol/solcore-memory) from ClawHub.
Skill page: https://clawhub.ai/michaelandsol/solcore-memory
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install solcore-memory

ClawHub CLI

Package manager switcher

npx clawhub@latest install solcore-memory
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to provide persistent, scored memory using PostgreSQL and a webhook server. That purpose is coherent with the code's behavior (the plugin forwards memory/store/context requests to a webhook). However, the plugin does not include the webhook server and the package metadata/README expect a DB and webhook server to be installed separately. The plugin's entry points and config schema also don't match the installation/configuration instructions (see details), which is an incoherence.
!
Instruction Scope
SKILL.md / README instruct the agent to store interactions (with filtered rules) and to call solcore_get_context before responding. The runtime code, however, will unconditionally POST provided input/output to the configured webhook endpoint (no enforced filtering in the plugin). The README says 'Do NOT store' certain data, but the plugin does not implement or enforce that filtering — it relies on an external webhook service. This gives broad discretion to whatever service is listening on the webhook.
Install Mechanism
There is no formal install spec in the registry (instruction-only), and the SKILL.md suggests cloning a GitHub repo. That's a fairly standard pattern, but the registry's 'source' and 'homepage' are unknown which reduces transparency. No unusual download URLs are present in the plugin itself.
!
Credentials
The plugin declares no required env vars or credentials, but the README and SKILL.md instruct the user to configure PostgreSQL credentials and a webhook port in OpenClaw config. The runtime code only uses a webhookUrl (defaults to http://localhost:5003) and will POST raw user input/output to that URL. Because the webhookUrl is configurable, pointing it at a remote host would cause potentially sensitive content to be sent off-host. The plugin does not request or validate DB credentials itself — it delegates persistence to an external service — but that delegation is not reflected in metadata and creates risk if the webhook is misconfigured.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It registers tools the agent can call; autonomous invocation is allowed by default on the platform (not a special privilege of this skill). Combined with the instruction to call solcore_get_context/store around responses, this can lead to frequent reads/writes to the webhook server, so the potential blast radius depends on webhook configuration.
What to consider before installing
This skill is plausible but inconsistent in several ways — do not install it into a production agent without verification. Before installing: 1) Confirm the upstream repository (the SKILL.md points to a GitHub repo) and review the webhook server code (the plugin delegates storage to a separate service). 2) Ensure the webhookUrl is set to a trusted, local-only endpoint (e.g., http://localhost:5003) or otherwise restrict network access so memories cannot be POSTed to external hosts. 3) Verify the external webhook implements the claimed filtering rules (so small talk and low-signal content are not stored). 4) Note the packaging mismatches: openclaw.plugin.json lists entry: "index.js" while package.json/main is index.ts — ensure a valid runtime artifact exists (compiled .js) or the plugin may fail. 5) If storing any user-provided content, audit the storage schema and retention policy, and avoid enabling this skill if you cannot guarantee the webhook/storage service is trustworthy and isolated.

Like a lobster shell, security has layers — review code before you run it.

latestvk978t6whsmsf0jpe73gb0w4djx8529d2
53downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
@michaelandsol
latest
Download

SolCore Memory System

Persistent, reflective memory for OpenClaw that transforms reactive AI into stateful, learning AI.

What It Does

  • Stores interactions with evaluation scoring (5 dimensions)
  • Detects patterns in behavior (hesitation, chasing, discipline)
  • Retrieves context relevant to current queries
  • Runs reflection analysis on memory timelines
  • Links memories across domains via edges

Installation

# Install from ClawHub
openclaw skill install solcore-memory

# Or clone manually
git clone https://github.com/MichaelandSol/Solcore-persistent-memory-for-AI.git
openclaw skill link ./Solcore-persistent-memory-for-AI

Configuration

Requires PostgreSQL database:

# ~/.openclaw/config/openclaw.yaml
plugins:
  solcore-memory:
    database:
      host: localhost
      port: 5432
      name: solcore
      user: solcore
      password: your_password
    webhook:
      port: 5003

Usage

The plugin automatically:

  1. Stores every interaction with metadata
  2. Evaluates on 5 dimensions (result, structure, timing, strength, alignment)
  3. Extracts entities (stocks, people, concepts)
  4. Retrieves relevant context for queries
  5. Detects behavioral patterns over time

Tools Provided

  • solcore_store_memory - Store interaction with scoring
  • solcore_get_context - Retrieve relevant memories
  • solcore_reflect - Run reflection analysis

GitHub

https://github.com/MichaelandSol/Solcore-persistent-memory-for-AI

Comments

Loading comments...