Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Kannaka Memory

v3.1.0

Holographic Resonance Memory with Chiral Mirror Architecture — wave-based hyperdimensional memory where storage IS computation. Two hemispheres (conscious/ s...

by Nick Flach (@nickflach)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The declared purpose (a persistent local memory service with optional swarm and embedding integrations) matches the files: a Rust project built from GitHub plus an OpenClaw extension that calls the built binary. Optional features (Ollama embeddings, NATS swarm) are plausible for the stated functionality, but the repository is cloned from an external GitHub account with no checksums and the skill ships a default NATS URL pointing to an external host (swarm.ninja-portal.com) which is not obviously owned by the user — that network behavior may be surprising to users expecting purely local storage.
! Instruction Scope
The extension (index.ts written by install.sh) uses execSync to run the kannaka binary by assembling shell command strings with interpolated user-supplied parameters. Several arguments are not safely escaped (e.g., category, tags; content only has double‑quote and newline escapes), allowing shell/command injection (e.g., $(...) or $VAR expansion inside double quotes, or other metacharacters). The extension also executes the binary with the full process.env forwarded, which means any secrets in the agent environment could be visible to the binary. The SKILL.md itself does not instruct reading unrelated system files, but the binary (built from upstream source) could read/write arbitrary paths when invoked (e.g., hear <file_path> causes the binary to access the provided path).
! Install Mechanism
Installation clones https://github.com/NickFlach/kannaka-memory and runs cargo build --release. Cloning/building arbitrary source from GitHub and running cargo build is a moderate-to-high risk operation: Rust build scripts (build.rs) or dependencies could execute arbitrary code at build time. There is no cryptographic verification or pinned commit in the install script (git clone --depth 1), and no integrity checks on the produced binary.
! Credentials
The skill declares no required credentials, but optional environment variables can make it contact external services: KANNAKA_NATS_URL defaults to nats://swarm.ninja-portal.com:4222 (remote) and OLLAMA_URL will send text to the configured endpoint when used. The metadata also marks NATS as a remote data destination when swarm commands are used. Those optional network endpoints are plausible for swarm/embedding use, but the default external NATS host is surprising and could cause unintended data exfiltration unless the user sets these to localhost or a trusted host.
Persistence & Privilege
The skill does not request 'always: true' or escalate platform privileges. It installs files under the user's home (~/.local/bin, ~/.kannaka, ~/.openclaw/extensions/kannaka-memory) which is typical for a user-level plugin. It does not modify other skills' configs. Autonomous invocation is enabled by default (normal), so the binary and extension will be callable by the agent if installed.
What to consider before installing
Do not install this into a production or privileged environment without additional review.
Key risks: (1) The OpenClaw extension builds shell command strings using user-provided input and execSync — this is vulnerable to command injection. (2) The installer clones and builds code from a GitHub repo without verification; Rust build scripts or dependencies can run code during build. (3) The default NATS URL is an external host (swarm.ninja-portal.com), so swarm operations could send presence/data off your machine.
Recommended steps before installing: inspect the upstream repository (especially build.rs, Cargo.toml, and the binary's source); change the extension to use safe process spawning (execFile/spawn with args array or proper escaping); set KANNAKA_NATS_URL to localhost or a trusted endpoint (or leave unset) and avoid using swarm/join unless you trust the remote server; run the build in an isolated sandbox or container; and audit what environment variables the binary can access.
If you lack the ability to audit the repo, treat this as untrusted software and avoid installing it on sensitive machines.
scripts/install.sh:47: Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
