Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

SQL Memory

v2.1.0

Semantic memory layer for OpenClaw agents. Use when: (1) persisting agent memories with importance scoring, (2) hierarchical memory rollups (daily→weekly→mon...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
[!] Purpose & Capability
The skill is a SQL-backed memory layer, so needing DB credentials is reasonable, but the registry lists no required environment variables or primary credential, while the SKILL.md, README, and code all expect SQL_* env vars for 'cloud' and 'local' backends. The dependency on a separate sql-connector skill is expected, but the mismatch between declared requirements and actual code is incoherent and may mislead users or automated installers.
[!] Instruction Scope
Runtime instructions and code go beyond simple API usage: the package includes a setup_schema.py that creates DB schema, and sql_memory.py searches up to 5 parent directories for a .env file and will load it (possibly pulling unrelated secrets into process env). The code also manipulates sys.path to import a local sql_connector module from various relative locations. Additionally, the implementation references column names (e.g., key_name, is_active, logged_at, source) that do not match the columns created by the included setup_schema.py/README (which use [key], status, created_at/updated_at). Those schema/column mismatches mean following the README/setup script could leave the code non-functional or, worse, cause accidental writes to unexpected tables/columns.
Install Mechanism
There is no formal install spec (instruction-only), which reduces remote download risk. However, code files are included and will run in the agent environment. The skill does not fetch external archives or run network installs itself — installers are expected to run clawhub or pip for dependencies. No high-risk external download URLs were found.
[!] Credentials
For a DB-backed memory layer, requesting SQL credentials is proportionate — but the registry declares none while the SKILL.md and code require SQL_CLOUD_* / SQL_LOCAL_* env vars. More concerning: the code actively searches parent directories for a .env file and will import variables into process env if found, which can unintentionally expose unrelated secrets from the user's filesystem to the skill. The skill also logs to a workspace logs directory (writes to disk).
Persistence & Privilege
The skill is not marked always:true and does not request elevated platform privileges. It does perform persistent actions the user must permit: it creates DB schema/tables (setup_schema.py), writes log files under a logs/ directory, and performs database writes/updates. Those are normal for this kind of skill but require database privileges and careful review before connecting to production systems.
Scan Findings in Context
[env-file-parent-search] unexpected: sql_memory.py's _find_env() walks up to 5 parent directories and loads a .env into process env. This behavior can read unrelated secrets from the user's workspace and is not declared in registry metadata. It's not necessary for the declared purpose if the environment is already configured and is an unexpected scope expansion.
[schema-column-mismatch] unexpected: setup_schema.py and README create columns named like [key], status, created_at/updated_at, but sql_memory.py refers to key_name, is_active, source, logged_at. The code expects different columns than the provided schema-creation script, which is an incoherence that will lead to runtime errors or miswrites.
[sys-path-import-search] expected: The module modifies sys.path to locate a local 'sql_connector' implementation in several relative paths. This is expected (the skill depends on sql-connector), but it expands import search to many filesystem locations which can cause surprising module resolution if multiple versions exist.
[hardcoded-example-host] expected: Docs and examples reference a cloud host (sql5112.site4now.net and db_99ba1f_memory4oblio). Example/default hosts are reasonable for examples, but users should be cautious not to point the skill at unknown third-party databases — the code will attempt connections using env-configured hosts.
What to consider before installing
Do not install or run this skill against production systems or supply real credentials until you verify the following:
- Confirm the DB schema: inspect setup_schema.py and sql_memory.py side-by-side. The code expects columns (key_name, is_active, logged_at) that are not created by the provided setup script/README. Fix or reconcile the schema before running setup_schema.py or connecting the skill.
- Protect secrets: sql_memory.py searches parent directories for a .env and will load it into the process. Ensure there is no sensitive .env in parent folders you don't intend to expose, or run the skill in an isolated directory with a controlled .env.
- Verify sql-connector: install and inspect the sql-connector skill it imports (the skill expects a local sql_connector.py or a separate skill). Ensure that import resolves to the version you reviewed and not an unintended module on sys.path.
- Use an isolated/test database: run setup_schema.py and the skill against a throwaway database (not production) to validate behavior and prevent accidental schema changes or data writes.
- Audit logging and file writes: the skill will create logs under a logs/ directory relative to the package. If you need strict data governance, adjust paths and retention accordingly.

If you want me to, I can: (1) point out the exact lines where schema names differ, (2) produce a patched setup_schema.py or sql_memory.py to make the schema and code consistent, or (3) walk you through a safe test deployment using a local containerized SQL Server.
