Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Enhanced Memory System V2
v1.2.0 complete memory system - file-system memory + vector search + four-category memory classification + AutoDream automatic consolidation
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The code implements the declared features (file-based memory, vector search via Ollama, auto-load/flush, AutoDream consolidation). However, there are mismatches: the skill.json lists dependencies ('ollama', 'nomic-embed-text') and the code calls the 'ollama' command and invokes curl, yet the metadata's 'required binaries' lists none. This omission is disproportionate: running vector embedding requires a local Ollama service and a curl binary or an 'ollama' binary accessible on PATH. There is also a small naming inconsistency in the embed defaults ('nomatic-embed-text' vs 'nomic-embed-text'), which looks like a bug.
Instruction Scope
SKILL.md and code legitimately read and write many files under the configured memoryDir (expected for a memory system). But AutoDream's described behavior includes '识别过时信息并删除' (identify and delete outdated information). The code's executeDream builds a prompt that instructs an LLM to delete/merge memory files; while the code itself doesn't directly delete files, the prompt delegates destructive decisions to an LLM or caller — that grants broad discretion to modify or remove user files. The skill also attempts to read session token counts via dynamic import('openclaw'), which accesses platform runtime state. These behaviors expand scope beyond passive read-only memory access and warrant caution.
Install Mechanism
There is no install spec (files are present in the bundle), so no external download step is present — good. But the code executes shell commands ('ollama list' and curl) and skill.json declares dependencies that may not correspond to npm packages; the lack of declared required binaries (curl, ollama) is inconsistent and may lead to runtime surprises. No remote/external download URLs or obfuscated installers were found.
Credentials
The skill does not request secrets or external API keys. It reads HOME and platform-provided APIs (globalThis.openclaw / import('openclaw')) which is expected for an OpenClaw skill. It does not attempt to exfiltrate to remote hosts — network calls are directed to localhost:11434 (Ollama).
Persistence & Privilege
The skill is not 'always: true' but registers hooks (onSessionStart, onHeartbeat). onHeartbeat will automatically check and (if conditions met) run AutoDream; that means the skill can autonomously run periodic consolidation logic and update its .auto-dream-state.json and possibly prompt an LLM to change memory content. This autonomous behavior combined with the potential to delete/merge memory files increases risk — consider disabling AutoDream until reviewed.
What to consider before installing
Key things to consider before installing:
- Backup your memory directory (~/.openclaw/workspace/memory by default). AutoDream describes deleting/merging outdated entries; even if the code currently only emits prompts, the overall flow can lead to deletions if an LLM or caller applies changes.
- This skill calls local commands (exec('ollama list') and uses curl to http://localhost:11434). Make sure you have a local Ollama service and curl available if you want vector search; the skill metadata did not declare these required binaries — runtime failures are likely otherwise.
- There is a dependency/typo inconsistency (embed default uses 'nomatic-embed-text' but config and dependencies mention 'nomic-embed-text'). Expect embedding issues; review embed.ts before trusting semantic search results.
- The skill dynamically imports platform APIs (import('openclaw')) to read session token counts; this is expected for integration but means the skill interacts with runtime session state.
- The skill uses child_process and shell-calls. Although network calls are to localhost in the code, child_process usage can run arbitrary commands — review the code and ensure you trust the author.
- Recommended actions: run in an isolated environment or test agent, set autoDream.enabled = false and flushMode = 'manual' in config initially, ensure you have file backups, and audit the code paths that would modify or delete files before enabling automated hooks.
If you want, I can point out the exact lines where the shell calls, file-writes, and AutoDream prompt generation occur and suggest concrete config changes to reduce risk (e.g., disable onHeartbeat, set autoDream.enabled=false).
Like a lobster shell, security has layers — review code before you run it.
