Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Memory Manager
v1.0.0Local memory management for agents. Compression detection, auto-snapshots, and semantic search. Use when agents need to detect compression risk before memory...
⭐ 0· 63·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description match the included scripts: init.sh, detect.sh, organize.sh, snapshot.sh, search.sh, categorize.sh, stats.sh all operate on a local workspace memory directory and implement the described three-tier memory model. However there are metadata/config mismatches: skill.yaml's MEMORY_PATH default (~/clawd/memory) does not match the scripts' actual default workspace ($HOME/.openclaw/workspace via OPENCLAW_WORKSPACE). Package/README/SKILL.md reference different homepages (moltbook/clawhub) and _meta.json ownerId differs from provided registry metadata. These inconsistencies could cause confusion about where data is stored or which configuration is authoritative.
Instruction Scope
Runtime instructions and scripts stay local and do not contact external endpoints. They create/read/move/copy files under the workspace memory directory and use common CLI tools (find, grep, mv, cp, wc, jq if available). Important behaviors to note: organize.sh and categorize.sh move or copy user files (mv/cp), snapshot.sh reads and aggregates recent files into snapshot files, and search.sh suggests a 'memory_get' tool that is not included. Because some scripts perform destructive moves (mv), you should backup your memory directory before running; the instructions themselves recommend a backup but the scripts will act on any files present in the target directories.
Install Mechanism
No install spec or external downloads; this is instruction + shell script based. Nothing will be fetched from network during install. That reduces supply-chain risk, but you still execute local shell scripts on your system when you run them.
Credentials
The skill declares no required env vars, which matches the scripts (they only use OPENCLAW_WORKSPACE optionally). However skill.yaml exposes a MEMORY_PATH config that the scripts do not use, creating a mismatch between declared configuration and actual runtime behavior. There are no secret/credential requests. The scripts will act on whatever path OPENCLAW_WORKSPACE points to (or the default), so verify that path before running.
Persistence & Privilege
The skill is not always-enabled and does not request elevated privileges or modify other skills. It writes state and snapshots to its own workspace directories only.
What to consider before installing
This skill appears to implement local memory management as advertised and contains only shell scripts that operate on local files (no network calls). However: 1) Back up your workspace before running—organize.sh and categorize.sh use mv/cp and can move files unexpectedly. 2) Confirm which directory will be used: scripts default to $HOME/.openclaw/workspace (or OPENCLAW_WORKSPACE) but skill.yaml suggests ~/clawd/memory—set OPENCLAW_WORKSPACE to the folder you expect. 3) The package/metadata/homepage/ownerId values are inconsistent across files—treat metadata with caution and verify the source or author if provenance matters. 4) Review the scripts (they're small) in a sandbox or run them with echo/dry-run to confirm behavior; ensure jq is available if you want JSON state updates. If these concerns are acceptable and you keep a backup, the skill is coherent; if provenance or accidental file movement is a concern, do not install or run it until resolved.Like a lobster shell, security has layers — review code before you run it.
latestvk979wdh2yjc7qe2jd5evyr5a9583ak2c
License
MIT-0
Free to use, modify, and redistribute. No attribution required.