ClawHub

Firm Memory Audit Pack

v1.0.0

Memory infrastructure audit pack. pgvector configuration validation and knowledge graph integrity check. 2 memory tools.

0· 271·1 current·1 all-time
by@romainsantoli-web
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name, description, and declared dependency (mcp-openclaw-extensions >= 3.0.0) align with the stated purpose of running pgvector and knowledge-graph audits. The two tool names map logically to the described checks.
Instruction Scope
SKILL.md only shows invoking two tools with a config_path argument; it does not request unrelated files or environment variables. However, the tools are expected to read the provided config.json (which may contain database credentials or endpoints) — the skill does not describe how sensitive data in that config is handled or validated.
Install Mechanism
No install spec or code files are included; this is an instruction-only skill relying on the mcp-openclaw-extensions bundle. Nothing is downloaded or written by the skill itself.
Credentials
The skill declares no environment variables or credentials, which is proportionate. Be aware that the external tools invoked will likely require connection details (DB host, user, password, etc.) supplied in the config_path file; those credentials live outside the skill and should be reviewed by the user before use.
Persistence & Privilege
The skill does not request always:true, does not persist configuration, and does not claim to modify other skills or global agent settings. Normal autonomous invocation is allowed (platform default).
Assessment
This instruction-only skill appears consistent with its purpose but depends on the external mcp-openclaw-extensions implementation and a user-supplied config.json. Before installing or running: 1) Verify the source and integrity of mcp-openclaw-extensions (ensure it’s a trusted provider/version). 2) Inspect any config.json you pass to these tools — it may contain database credentials or endpoints; do not point to production configs unless you’ve reviewed and sanitized them. 3) Prefer running the checks in a test environment or with least-privilege credentials. If you need higher confidence, ask the skill author for the extension repository or code for the two tools so you can audit what they do with the config file and any network connections they make.

Like a lobster shell, security has layers — review code before you run it.

latestvk971y1r3kwnkrag21hrn7c7asx825vmp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments