Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Rookie Memory
v2.0.0Rookie-Memory 三级记忆管理系统 v2.0。专为 AI 代理设计的进化版记忆系统,包含 L0 永久记忆、L1 短期记忆、L2 中期记忆,支持 bootstrap 启动加载、autosave 自动保存、混合检索、自动清理等高级功能。
⭐ 0· 225·0 current·0 all-time
by@rrrker
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The skill's stated purpose (short/medium/long-term memory management) justifies use of embeddings and a local vector DB (ChromaDB). However, the code attempts to read /root/.openclaw/openclaw.json to extract a ZHIYI API key and defaults to calling an external embedding service (open.bigmodel.cn). The registry metadata declares no required environment variables or config paths, so accessing the platform config and external model provider is disproportionate to what was declared.
Instruction Scope
SKILL.md instructs running the included script and mentions using a venv with chromadb, and file IO under a workspace memory folder. The runtime code goes further: it will try to read OpenClaw's config file to extract API keys and will POST text to an external embedding API. Those actions (reading platform config, using discovered credentials, and outbound network calls) are not clearly documented in SKILL.md and expand the agent's scope beyond local memory management.
Install Mechanism
There is no install spec (instruction-only + included script), so nothing is automatically downloaded or installed. The Python script depends on requests and chromadb; SKILL.md examples reference a specific virtualenv path. Lack of declared dependencies is a quality/operational issue but not an installation red flag by itself.
Credentials
Registry metadata lists no required environment variables or config paths, yet the code reads environment variables (ZHIYI_BASE_URL, ZHIYI_API_KEY) and, if not set, opens /root/.openclaw/openclaw.json to find API keys. This accesses potentially sensitive credentials belonging to the platform or other skills without disclosure. The script will use any discovered API key to call an external embedding service, which could lead to credential use/exfiltration if unexpected.
Persistence & Privilege
The skill does not request always: true and is user-invocable. It writes memory files under a workspace (default /root/.openclaw/workspace/memory) and creates collections in a local ChromaDB path. That per-skill storage is expected. The concern is that it also reads a platform-level config file (/root/.openclaw/openclaw.json), touching configuration outside its own storage scope.
What to consider before installing
This skill mostly does what it says (manages short/medium/long memories and uses embeddings + ChromaDB), but it also looks for OpenClaw platform credentials and will call an external embedding API by default. Before installing or running it: (1) inspect scripts/memory_manager.py yourself and confirm you're comfortable with it reading /root/.openclaw/openclaw.json (or run it in an isolated container or sandbox); (2) if you don't want the skill to use external providers, set ZHIYI_API_KEY to an empty value and/or change the embedding call to a local/no-op; (3) ensure the workspace path and virtualenv references are appropriate for your environment (the code uses hardcoded /root/.openclaw paths); (4) audit the OpenClaw config file for secrets and restrict permissions if necessary. If you cannot verify these things, treat the skill as potentially risky and avoid running autosave/cleanup operations that write/read platform config or send data externally.Like a lobster shell, security has layers — review code before you run it.
latestvk971x9k44wrb135xpvdt3cwvdd82shv7memoryvk971x9k44wrb135xpvdt3cwvdd82shv7ragvk971x9k44wrb135xpvdt3cwvdd82shv7three-tiervk971x9k44wrb135xpvdt3cwvdd82shv7
License
MIT-0
Free to use, modify, and redistribute. No attribution required.