ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

MidOS Memory Cascade

v1.0.0

Auto-escalating multi-tier memory search that cascades from in-memory cache through SQLite, grep, and LanceDB vector search to find the best answer with mini...

0· 351·2 current·2 all-time
by@msruruguay
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description match the code: this is a multi-tier memory cascade that checks an in-memory cache, JSON state files, SQLite, keyword/FTS, a grep fallback, and LanceDB-backed searches. The declared requirements (no env vars or binaries required) are mostly consistent with the described stdlib-first design, but the documentation explicitly mentions 'ripgrep' (T4) and LanceDB tiers (T5/T5b). If the implementation invokes the 'rg' binary or other external tools, the manifest should have listed that binary as required; conversely, if grep is implemented in Python, the documentation may be overstating the external dependency. Overall capability matches purpose, with a minor documentation vs. manifest mismatch to confirm.
Instruction Scope
SKILL.md and the code indicate the skill will read and write local files: it reads pipeline_synergy.db (ROOT/knowledge/SYSTEM/...), iterates SYSTEM_DIR JSON files, and writes cascade_stats.json. The API includes store() which writes to a docs/patterns/ (staging) area. These behaviors are consistent with a memory system, but they do involve filesystem reads/writes under the repository's parent directories; verify those paths point only to data you expect. Also confirm whether the T4/T5 tiers call external processes or remote services (LanceDB) — the runtime instructions route queries to semantic search and mention optional packages, so network access is plausible even though no network credentials are requested.
Install Mechanism
There is no install spec (no remote downloads), and the package is delivered as source code in the skill bundle. This is lower risk than an arbitrary installer URL. The code relies on stdlib for core tiers; optional third-party packages are named but not required at install time.
Credentials
The skill declares no required environment variables, secrets, or primary credential. The described functionality (local cache, JSON, SQLite, optional LanceDB) can operate without credentials in many deployments. Note: if LanceDB is remote/hosted, it may require credentials outside the skill; the skill does not request them, so double-check how LanceDB connections are configured in your environment before use.
Persistence & Privilege
always is false and the skill persists only its own stats to knowledge/SYSTEM/cascade_stats.json and writes via store() to its own docs/staging area. It does not request system-wide or other-skills configuration modification. The agent will be able to invoke it autonomously (default), which is normal for skills; no elevated 'always:true' privilege is present.
Assessment
This skill appears to be what it claims: a local multi-tier memory retriever. Before installing or enabling it broadly, check the following: - Search memory_cascade.py for subprocess or os.system calls (especially to 'rg', 'ripgrep', or other binaries). If it shells out to external binaries, the manifest should list them as required and you should ensure those binaries are trusted. - Search the file for any network-related imports or calls (e.g., requests, http.client, hive_commons/LanceDB client usage). If LanceDB is used against a remote host, confirm how the host/credentials are provided and whether the skill would transmit query data externally. - Confirm the DB and filesystem paths (ROOT/knowledge/SYSTEM/pipeline_synergy.db and knowledge/SYSTEM/*.json and knowledge/SYSTEM/cascade_stats.json) point to directories you expect and do not contain sensitive system data you don't want the skill reading. - Review optional dependencies (hive_commons, tools.memory.memory_router) before installing them; they could introduce additional network or credential requirements. - Consider running the skill in a sandboxed environment first (or with reduced data) to observe behavior (what files it reads, whether it spawns processes, and whether it attempts outbound connections). If you want, I can scan the full memory_cascade.py for subprocess/network calls and list the exact code locations that warrant review.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a1hc081jqt1jfrpr5ea3agh82f7dg
351downloads
0stars
2versions
Updated 7h ago
v1.0.0
MIT-0
@msruruguay
latest
Download

MidOS Memory Cascade

A self-tuning, auto-escalating search engine that tries each memory tier from fastest to slowest, stopping as soon as it finds a high-confidence answer.

What It Does

Instead of the agent deciding which storage layer to query, the cascade tries each tier automatically:

TierStorageLatencyStrategy
T0In-memory session cache<1msExact + fuzzy key match
T1JSON state files<5msFilename + key match
T2SQLite (pipeline_synergy.db)<5msStructured SQL LIKE
T3SQLite FTS5<1msFull-text keyword on 22K rows
T4Grep over 46K chunks~3sBrute-force ripgrep fallback
T5LanceDB keyword (BM25)slow670K vector rows, no embeddings
T5bLanceDB semantic3–30sEmbedding similarity, last resort

Question routing: Queries starting with how/what/why/etc. skip keyword tiers and route directly to semantic search.

Self-learning: The cascade records which tier resolves each query. After enough history, evolve() learns shortcuts (skip directly to the winning tier) and marks consistently-empty tiers for skip.

Usage

Python API

from tools.memory.memory_cascade import recall, store

# Search across all tiers
result = recall("adaptive alpha reranking")
# → {"answer": {...}, "tier": "T5:lancedb", "latency_ms": 340, "confidence": 0.87}

# Write to the right storage automatically
store("pattern", content="...", tags=["ml", "reranking"])

CLI

# Search
python memory_cascade.py recall "query here"

# View tier resolution stats
python memory_cascade.py stats

# Run self-evolution (learn shortcuts + tier skips)
python memory_cascade.py evolve

recall() Options

recall(
    query: str,
    min_confidence: float = 0.5,  # stop escalating at this threshold
    max_tier: int = 6             # 0=T0 only, 6=all tiers
)

Returns:

{
  "answer": { "source": "...", "text": "..." },
  "confidence": 0.87,
  "latency_ms": 340.2,
  "tiers_tried": 3,
  "resolved_at": "T5:lancedb",
  "shortcut": null,
  "question_routed": false,
  "escalation": [...]
}

Requirements

  • Python 3.10+ (stdlib only for core cascade logic)
  • Optional: hive_commons for LanceDB tiers (T5/T5b)
  • Optional: tools.memory.memory_router for store() routing

The cascade degrades gracefully — if LanceDB is unavailable, it stops at grep (T4). All stdlib tiers (T0–T4) work with zero dependencies.

Architecture Notes

  • Thread-safe: Session cache uses threading.Lock; stats writes use separate locks
  • Cross-process safe: JSONL writes use OS-level file locking (msvcrt on Windows, fcntl on Unix)
  • Confidence scoring: Term overlap × score × content richness → normalized 0–1
  • Stats persistence: knowledge/SYSTEM/cascade_stats.json accumulates hit rates per tier

Built with MidOS. 1 of 200+ skills. Full ecosystem at midos.dev/pro

Comments

Loading comments...