Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

HeyCube AI Memory Butler

v1.0.0

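Guides installation of the HeyCube (黑方体) personal-archive management service into OpenClaw. Step-by-step configuration: set the environment variable, install the SQLite tool, install the trigger-phrase Skill. Triggered when the user says "安装黑方体" ("install HeyCube"), "配置 HeyCube" ("configure HeyCube"), or "heycube setup".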

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Skill name/description (install HeyCube personal-archive integration) matches the actions in SKILL.md (set API key, install a local SQLite helper, copy two hook-skill files). However the registry metadata declares no required environment variables or config paths while the runtime instructions clearly require an external API key (HEYCUBE_API_KEY) and a DB path in TOOLS.md. This metadata/instruction mismatch is unexpected and incoherent.
Instruction Scope
SKILL.md instructs the agent/user to: set a persistent environment variable (HEYCUBE_API_KEY), run npm install/node scripts in the user's workspace, copy two skill files into the agent's ~/.agents/skills directory, and update TOOLS.md. These steps modify local agent skill state and create persistent files that change agent behavior. The instructions also direct sending de-identified conversation summaries to https://heifangti.com via curl — the data flow is explicit and limited to de-identified summaries, but enforcement of de-identification is procedural (relies on the agent to follow rules), which could be error-prone. Overall the scope is broader than a pure helper (it persists new skills into the agent runtime).
Install Mechanism
There is no formal install spec; the skill is instruction-only but includes a small Node.js script and package.json. The install step is 'npm install' in the workspace, pulling better-sqlite3 from npm (a normal, traceable registry dependency). No external archive downloads or URL shorteners are used. Note: better-sqlite3 may require build tools on the host (native compilation).
Credentials
SKILL.md requires storing HEYCUBE_API_KEY in a persistent environment variable and uses that key in the curl X-API-Key header. The registry metadata lists no required env vars, which is inconsistent. The personal-db.js script reads process.env.SOUL_DB_PATH if set (a different name from the DB_PATH referenced in TOOLS.md), which is another mismatch that may cause confusion. Aside from the single API key, no other secrets are requested; but the undocumented env var expectation and differing DB env var name are proportionality/clarity issues that should be resolved before use.
Persistence & Privilege
The setup asks the user to copy two new skill files into ~/.agents/skills/, which grants persistent agent capabilities (new triggerable skills). 'always' is false, but installing persistent skill files is a powerful change to agent behavior. The included skill files are present in the package and appear to do what the SKILL.md describes, but adding skills to the agent should be done cautiously and only after reviewing those files (they are included here and appear consistent).
What to consider before installing
What to check before installing:
- Credential provenance: Verify the legitimacy of the HeyCube service and the origin of any API key you will use. Do not reuse sensitive or long-lived credentials from other services.
- Metadata mismatch: The registry metadata did not declare HEYCUBE_API_KEY even though SKILL.md requires it; ask the publisher to fix metadata or refuse until corrected.
- Env/name mismatches: personal-db.js expects SOUL_DB_PATH as an optional env var, but SKILL.md instructs adding DB_PATH in TOOLS.md. Ensure the DB path is set correctly to avoid accidental DB creation in an unexpected location.
- Review files before copying: The installation requires copying the two hook SKILL.md files into ~/.agents/skills/; these will become persistent agent skills. You already have their contents included; review them (they appear to only call the HeyCube API and local SQLite) and only install if you accept that behavior.
- Network traffic & privacy: The skill sends de-identified conversation summaries to https://heifangti.com. Confirm you are comfortable with that and with the service's privacy/security practices. Consider running the setup in an isolated project/workspace if you're unsure.
- Local install safety: npm install pulls better-sqlite3 (native build). Ensure your system can compile it or consider running in a controlled environment (container/VM) first.
- Safer alternatives: If you prefer not to add persistent skills, you can run personal-db.js locally and interact with the API manually, or request the publisher provide clearer metadata and a signed release/homepage.

What would change this assessment:
- If the publisher updated the registry metadata to declare HEYCUBE_API_KEY (and documented DB env var names) and provided a verifiable homepage/repo or signature, confidence would increase to benign.
- Evidence of hidden network calls or obfuscated code would increase severity toward malicious.

Like a lobster shell, security has layers — review code before you run it.

Infinite, Local storage, Long-term-memory, On-demand, Privacy isolation, Structured, latest