Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OpenClaw记忆管理系统v2
v1.1.0OpenClaw 记忆管理系统,三层架构(NOW.md + 每日日志 + 知识库),支持 heartbeat 写入、夜间反思、CRUD 验证、主动遗忘。Based on Ray Wang's 30-day production experience.
⭐ 0· 114·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description and SKILL.md consistently describe a three-layer local file-based memory system. File I/O, indexing, and nightly consolidation are coherent with the claimed purpose.
Instruction Scope
Instructions explicitly direct the agent to scan "active session messages", extract information, and perform automated CRUD updates to files in ~/.openclaw/workspace (NOW.md, daily logs, INDEX.md, and category files). "Session messages" is not defined (could be chat transcripts, system logs, or other sensitive content). The skill also references helper tools/commands (memlog.sh, Write NOW.md, printf >> file) but provides no implementation or explicit permission model. These behaviors expand scope to reading and persistently modifying potentially sensitive conversation data.
Install Mechanism
Instruction-only skill with no install spec or external downloads. No code is written to disk by the registry; risk from install mechanism is low.
Credentials
The skill requests no environment variables, credentials, or config paths in metadata. However, it expects access to the user's home directory (~/.openclaw/workspace) and to application 'sessions' implicitly; the metadata does not declare or describe these required access scopes.
Persistence & Privilege
The skill instructs repeated autonomous behaviors (heartbeat every 30–60 min, nightly CRUD updates, weekly GC) and persistent writes/archives under ~/.openclaw. While 'always' is false, the default model-invocation (autonomous runs allowed) plus persistent file writes increases blast radius if the agent is permitted to run unattended. The SKILL.md lacks clear safeguards, consent/confirmation steps, or a defined sandbox.
What to consider before installing
This skill is coherent with a file-backed memory system, but it will read conversation/session data and automatically modify files under ~/.openclaw/workspace. Before installing or enabling autonomous invocation:
- Understand what "session messages" means in your environment — does it include private chats, API messages, or system logs? If unsure, do not allow autonomous runs.
- Expect the skill to create and edit files in ~/.openclaw/workspace (NOW.md, daily logs, INDEX.md, category files). Back up important data and review created files manually.
- The SKILL.md references helper commands (memlog.sh, Write NOW.md) but provides no code; verify any scripts or tools it expects before use.
- If you need stricter control, disable autonomous invocation for this skill or run it in a sandboxed account/VM and inspect its outputs.
- Consider adding access controls (restrict which conversation streams it can read), or require explicit user confirmation before any DELETE/ARCHIVE/UPDATE operations.
If you want, I can list exact prompts or policies to add so the skill asks for explicit confirmation before modifying files, or draft a minimal-safe wrapper script that performs writes only after human approval.Like a lobster shell, security has layers — review code before you run it.
agentvk97capagxke5pfvbkhqeytdc9x83g22nlatestvk97capagxke5pfvbkhqeytdc9x83g22nmemoryvk97capagxke5pfvbkhqeytdc9x83g22nopenclawvk97capagxke5pfvbkhqeytdc9x83g22n
License
MIT-0
Free to use, modify, and redistribute. No attribution required.