Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Context Nexus
v0.2.0 · Persistent cross-session memory, structured observability, encrypted secrets management, and replay for OpenClaw agents. Local-first SQLite. Installs as both...
⭐ 0 · 40 · 0 current · 0 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md describes a Node.js plugin + Python subprocess architecture and an autonomous marketplace that performs financial splits, but the registry metadata only requires python3 and declares no Node/npm dependency, no payment or gateway credentials, and no homepage or author. The marketplace implies payment rails or settlement credentials yet none are declared. These mismatches between claimed capabilities and declared requirements are unexplained.
Instruction Scope
Runtime instructions tell operators to git clone the repo and run ./scripts/install, modify ~/.openclaw/openclaw.json, and restart the gateway. The plugin also registers automatic hooks (before_prompt_build, after_tool_call, session_end, on_error) which will inject stored data into prompts and log every tool call. The instructions include commands to store secrets (example shows storing OpenAI keys) and to perform automatic marketplace purchases. They do not limit what the install script may do, nor declare how secrets/transactions are authorized — broad scope with potential for unexpected data access or network activity.
Install Mechanism
Although the registry has no formal install spec, the SKILL.md directs users to clone a GitHub repository and run an install script. Cloning and executing an unverified repository (./scripts/install) is high-risk: it can write files, run arbitrary code, and open network connections. The GitHub URL is not a pinned release artifact (no release tarball or checksum provided).
Credentials
The skill will handle and store secrets (examples show API keys) and optionally supports DATABASE_URL, yet the skill metadata lists no required env vars or credentials. It also instructs editing and enabling plugin entries in ~/.openclaw/openclaw.json (modifying user agent config) without declaring that requirement. The autonomous marketplace functionality implies payment/settlement credentials that are not described. Overall, requested/used environment and credential access is under-specified and therefore disproportionate.
Persistence & Privilege
The plugin is installed into the agent runtime and registers automatic hooks that run every session (automatic invocation). While the skill is declared always:false, this combination (automatic hooks + secrets management + code downloaded and installed) increases blast radius and persistence on the host. The install process also requires modifying the agent's config (~/.openclaw/openclaw.json) and restarting the gateway, which grants ongoing privileged presence.
What to consider before installing
Do not clone or run the repository until you verify it. Steps to reduce risk:
(1) Ask the publisher for a homepage, signed releases, and an official release tarball or audited package instead of a straight git clone.
(2) Inspect the repository and ./scripts/install content before running — run it in an isolated VM or container.
(3) Verify whether Node.js (and which version) is required and whether any payment/settlement credentials are needed for the marketplace; refuse to provide payment keys until clarified.
(4) Confirm how secrets are encrypted and where the encryption keys are derived/stored (PBKDF2 is mentioned but implementation details matter).
(5) Expect the plugin to modify ~/.openclaw/openclaw.json and to inject memories into prompts — only install if you trust the code and want persistent cross-session access.
If you lack the ability to audit the code, prefer a verified/official plugin or ask the maintainer for a security review and signed releases.
Like a lobster shell, security has layers — review code before you run it.
latest: vk975rxkwnbfj60x1vpsnvb1j35841ygw
Runtime requirements
🧠 Clawdis
Bins: python3
