dob
PassAudited by VirusTotal on May 7, 2026.
Overview
Type: OpenClaw Skill Name: dob Version: 0.0.1 The skill defines a structured 'Deep Memory' system for an AI agent to store and retrieve long-term knowledge using local Markdown files and an index table (DEEP-MEMORY.md). The instructions in SKILL.md provide a clear, functional workflow for the agent to manage these files, including searching, adding, and updating entries. While the skill involves shell command execution for setup and querying (e.g., setup.mjs, query.mjs), these actions are directly aligned with the stated purpose of knowledge management and lack any indicators of malicious intent, data exfiltration, or obfuscation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Setup may fail, or the agent may execute code whose source was not included in the reviewed skill package.
The provided manifest contains only SKILL.md/no code files, while the skill asks to run a Node script from `skills/depth-memory`, not the `dob` skill. If followed, the agent could depend on absent or unrelated local code.
skill 安装后需要运行初始化脚本... `node skills/depth-memory/scripts/setup.mjs`
Do not run the referenced scripts unless they are present in the installed skill package and have been inspected. Prefer manual creation of the documented files until the package is corrected.
Private, outdated, or maliciously crafted information could be retained and reused in later tasks without the user realizing it.
The instructions encourage the agent to proactively create persistent reusable memory from read content and to write/edit the memory index directly, without explicit approval, retention, deletion, or untrusted-content handling boundaries.
读完一篇文档/博客,主动提取关键内容存入 deep-memory ... 直接用 `write` 工具写文件 + 手动编辑 `DEEP-MEMORY.md`
Require explicit user approval before adding entries, avoid secrets or private project details, mark stored content as untrusted context, and provide a clear deletion/cleanup process.
A user could install it expecting a simple toolbox without realizing it creates and consults long-term memory files.
The public description is generic and does not tell users that the skill manages persistent workspace memory; SKILL.md discloses the behavior, but the registry description under-states it.
Description: 工具箱。
Rename or redescribe the skill to clearly state that it is a persistent deep-memory/knowledge-base tool.