Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

2026 02 10 Clawhub Clawvault 1.5.1

v1.0.0

Structured memory system for OpenClaw agents. Context death resilience (checkpoint/recover), structured storage, Obsidian-compatible markdown, local semantic search, and session transcript repair.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description match the code and instructions: the package implements a local vault (create/load/store/search), qmd-based semantic search integration, shell integration, OpenClaw hook support, and session transcript repair that operates on ~/.openclaw/agents. No unrelated secrets or cloud credentials are requested.
Instruction Scope
SKILL.md directs the agent (or user) to run clawvault CLI commands that will read and modify local files: vault markdown files, the .clawvault internal state, and OpenClaw session files under the user's home directory. It also recommends installing and running external tooling (qmd) and offers a shell-init helper that appends aliases to shell rc files. These actions are in-scope for a memory/session-repair tool, but they do entail modifying other agent session files and shell configuration, so users should expect local file mutation and review hooks/handler code before enabling.
Install Mechanism
The registry entry has no automated install spec (instruction-only), but the package source/CLI is bundled in the skill. SKILL.md recommends installing via `npm install -g clawvault` and optionally `bun install -g github:tobi/qmd`. No registry-provided install script means the user must install the CLI themselves; this lowers automatic-install risk but does require executing third-party install commands.
Credentials
The skill declares no credentials and only an optional CLAWVAULT_PATH env var (documented). The code legitimately accesses local filesystem paths (vault path and ~/.openclaw sessions) and spawns the local 'qmd' binary for search. These accesses are proportional to the stated functionality and documented in SKILL.md.
Persistence & Privilege
always:false (normal). The skill can be invoked autonomously by the agent (default behavior) and provides an optional OpenClaw hook that, if installed and enabled by the user, will run on agent startup and on certain events. That hook (present as hooks/clawvault/handler.js) can inject recovery messages and auto-checkpoint behavior — expected for the feature but worth reviewing before enabling since it changes agent runtime behavior.
Assessment
This skill appears to do what it says: it manages a local Obsidian-style vault, requires a local qmd binary for semantic search, and repairs OpenClaw session transcripts by reading/writing files under your home directory. Before installing or enabling hooks, consider:
1) review hooks/clawvault/handler.js and any hook-related files to confirm you are comfortable with automatic checkpointing and injected recovery messages;
2) back up your OpenClaw sessions (~/.openclaw/agents) if you plan to run repair-session;
3) installing the CLI requires running npm/bun global installs (review the package source or install in an isolated environment if unsure);
4) the tool will spawn the external 'qmd' binary if present; only install qmd from sources you trust.
If you want extra caution, run clawvault and repair-session with --dry-run first and use an isolated test vault before pointing it at production agent data.

Like a lobster shell, security has layers — review code before you run it.

latestvk9715xp7km3ymtbjy08b7sp3k9810xgf
