Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Firm Hebbian Memory

v1.0.0

Hebbian adaptive memory system for Claude.md: transforms session logs into weighted patterns that reinforce or atrophy the rules of trav...

0· 348·1 current·1 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description (Hebbian adaptive memory for Claude.md) matches the SKILL.md content: ingestion, analysis, weight updates, and a 4-layer architecture. The metadata requirement for mcp-openclaw-extensions is plausible for implementing the described tools. No unrelated credentials or binaries are requested.
Instruction Scope
Instructions direct ingestion of session JSONL from ~/.openclaw/sessions and propose creating a persistent post-session hook (~/.openclaw/hooks/post-session.sh) and optional cron entry. These actions are coherent with the purpose but grant the skill persistent filesystem hooks/automation that will cause continuous ingestion; verify the exact paths and tool names before enabling automation. PII-stripping is described but the document also admits known gaps (credentials in URLs, env vars in stack traces).
Install Mechanism
No install spec or code is included (instruction-only). This minimizes installation risk, but also means the skill expects existing platform tools (openclaw_hebbian_* via the MCP) to be present.
Credentials
The skill does not require environment variables or secrets to run. It mentions an optional HEBBIAN_ALLOWED_DIRS env var for whitelisting paths; that is proportionate. There are no unexplained credential requests.
Persistence & Privilege
The skill suggests creating persistent artifacts (hook script, cron job, and Git commits/tags). That persistence is consistent with the intended continual ingestion, but it is a material change to the host environment — review and control these changes before enabling them. always:false and no cross-skill config writes.
Assessment
This SKILL.md is coherent with its stated goal but relies on platform-side tools (openclaw_hebbian_*) and will create persistent hooks/cron jobs that ingest session logs. Before enabling or automating it:

1) Confirm the required MCP/tools (mcp-openclaw-extensions >=1.2.0) actually provide the named tool endpoints.
2) Review the proposed hook script and cron entry; test manually first (run the harvest tool on sample logs) rather than enabling automatic cron.
3) Verify and strengthen PII/secret detection (the doc admits gaps for credentials embedded in URLs or env-vars in traces); consider running a dedicated secret scanner (trufflehog, detect-secrets) on logs before ingestion.
4) Confirm the policy for Git commits/tags and where snapshots are stored to avoid leaking data.
5) Run in an isolated/test environment first and audit what is sent to the local MCP (curl to localhost:8012) and what the MCP tools do.

If you need higher assurance, request the implementation code for the openclaw_hebbian_* tools or a trusted package that provides them before deploying in production.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d0p7xqd52h4m5xxcprf57sn8209be

