Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

HeyCube AI Memory Butler

v1.0.0

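One-click install of the HeyCube (黑方体) personal profile management service into OpenClaw. Creates two Hook Skills (GET_CONFIG/UPDATE_DATA) and a SQLite management tool, and modifies TOOLS.md and AGENTS.md. Trigger phrases: "安装黑方体" (install HeyCube), "配置 HeyCube" (configure HeyCube), "heycube setup", "安...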

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match what the files and instructions do: create GET_CONFIG/UPDATE_DATA hook skills, install a local SQLite helper, and append entries to TOOLS.md and AGENTS.md. The included personal-db.js and package.json are appropriate for local storage management.
Instruction Scope
Runtime instructions ask the installer to copy hook SKILL.md files into ~/.agents/skills, add an AGENTS.md 'hard rule' section that forces pre/post execution for every substantive conversation, and send strictly '脱敏' (de-identified) summaries to the external BASE_URL. The instruction set stays within the declared purpose but grants the skill broad runtime scope (pre/post hooks on every dialogue) and relies on correct de-identification practices which cannot be enforced by the code.
Install Mechanism
No automatic binary download or remote archive; installer asks the user to run npm install in workspace/scripts which will pull better-sqlite3 from the public npm registry (a native module that may require build tools). This is a moderate risk (expected for Node native modules) but there are no opaque URLs or extract-from-unknown-host steps.
Credentials
The skill declares no required env vars. It expects the user to store BASE_URL/API_KEY/DB_PATH in TOOLS.md (i.e., the API key will be in a plaintext workspace file unless the user chooses otherwise). The code reads an optional SOUL_DB_PATH env var (not declared in metadata). Requesting an API key to call the external service is proportionate, but storing secrets in TOOLS.md and having an undeclared env var are worth noting.
Persistence & Privilege
The installer explicitly edits AGENTS.md to insert a hard rule that will cause its hooks to run for every 'substantive' conversation and copies hook skills into ~/.agents/skills. This modifies global agent configuration (not just adding a skill that runs when matched) and effectively grants the skill persistent, cross-conversation execution — a meaningful privilege that can increase blast radius if the external service or de-identification fails.
What to consider before installing
- This skill will modify AGENTS.md and add hook SKILLs under ~/.agents/skills so that its pre/post hooks run for every substantive conversation. Back up AGENTS.md and TOOLS.md first.
- It sends de-identified summaries to an external endpoint (https://heifangti.com). Even with de-identification rules, there's residual risk of sensitive data leakage; only enable if you trust that service.
- The API key is expected to be stored in TOOLS.md (plaintext) unless you choose another storage method. Treat it like a secret and avoid committing it to repos.
- Installation runs npm install (better-sqlite3): this pulls a native module from npm and may require C++ build tools; review dependencies if you require a hardened environment.
- The personal-db.js uses an optional SOUL_DB_PATH env var (not declared in registry metadata). If you want the DB elsewhere, set this before running.
- Prefer manual installation steps: copy and inspect assets/hook-skills/*.md and scripts/personal-db.js, test in an isolated environment, and verify the de-identification outputs before enabling automatic hook execution.
- If you are uncomfortable with persistent hooks or sending any data to an external server, do not install, or remove the AGENTS.md/skill copies after review.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fdnq2d7z2ken961tbekpvnd832e9q
