Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Heleni Memory Architecture
v1.0.0Honcho-inspired memory architecture for PA agents. Use when writing to MEMORY.md, ending a significant conversation, or deciding what to remember long-term....
⭐ 0· 12·0 current·0 all-time
byNetanel Abergel@netanel-abergel
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description describe a memory architecture, which reasonably requires reading/writing memory files. However the SKILL.md expects to source a .context file at /opt/ocana/openclaw/workspace/skills/memory-architecture/.context and to use workspace variables like $WORKSPACE, $MEMORY_FILE, $WHATSAPP_MEMORY_DIR even though the skill declares no required env/config. It also instructs committing to git and updating SKILL.md files — capabilities that go beyond simply managing memory and touch agent configuration and other skills.
Instruction Scope
Runtime instructions tell the agent to read and write daily/project/long-term memory files, run self-review crons via `openclaw cron add`, commit changes to git, and 'update MEMORY.md and/or relevant SKILL.md files.' Sourcing a local .context file can expose arbitrary env vars; scheduled crons and edits to other SKILL.md files broaden the skill's scope to system configuration and other skills' content.
Install Mechanism
No install spec and no code files — the skill is instruction-only, which reduces supply-chain risk because nothing new is written at install time. Operational risk comes from the instructions the agent will run at runtime, not from an installer.
Credentials
The skill declares no required environment variables or credentials, yet instructs sourcing a .context file and using environment variables and filesystem paths. It also expects to commit to git and create crons (which may require repo credentials or platform permissions). This mismatch makes it unclear what secrets or permissions the skill will actually access at runtime.
Persistence & Privilege
The instructions actively create persistent effects: adding recurring crons, committing changes to git, and editing SKILL.md files. While always:false and user-invocable, these actions let the skill persist behavior and modify other skill files or agent configuration — a higher privilege that should be carefully controlled.
What to consider before installing
This skill appears coherent for managing memories but asks the agent to source a local .context file, write many memory files, create recurring crons, commit to git, and update SKILL.md files. Before installing: (1) inspect the .context file content to ensure it contains no secrets or unexpected variables; (2) confirm who has write access to the repo and whether git commits will use stored credentials; (3) decide whether the skill should be allowed to create platform crons or edit other SKILL.md files — consider restricting or requiring manual approval for those actions; (4) back up MEMORY.md/AGENTS.md and the repository so you can revert unwanted changes; (5) run the skill in a sandbox or with limited permissions first. If you can provide the .context file and clarify whether `openclaw cron add` runs in a restricted environment (and whether SKILL.md edits are limited to this skill), I can raise or lower the confidence of this assessment.Like a lobster shell, security has layers — review code before you run it.
latestvk976kfv3wwncqh90hj01jedz9n84acy6
License
MIT-0
Free to use, modify, and redistribute. No attribution required.