Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Alibabacloud Tablestore Openclaw Memory
v0.0.1This skill installs and configures the **Tablestore Mem0** plugin for OpenClaw. Tablestore Mem0 uses Alibaba Cloud Tablestore as the vector store backend for...
⭐ 0· 20·0 current·0 all-time
byalibabacloud-skills-team@sdk-team
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (Tablestore mem0 plugin for OpenClaw) match the actions the SKILL.md describes: installing a plugin, configuring openclaw.json, and creating/using an Alibaba Cloud Tablestore instance. Required inputs (AccessKey or ECS RAM role and Dashscope API key) are appropriate for provisioning Tablestore and obtaining embeddings from阿里云百炼/Qwen.
Instruction Scope
Instructions remain within the plugin setup scope (collect credentials interactively, optionally create a Tablestore instance, install plugin, edit openclaw.json, restart OpenClaw, verify). The agent is explicit about requiring user confirmation before auto-provisioning. It will modify OpenClaw config and restart the service—expected for this task—but will also potentially enable public internet access on instances (via UpdateInstance) if VPC endpoints are unreachable, which has security implications.
Install Mechanism
This is instruction-only but tells the agent to install an external npm package (@tablestore/openclaw-mem0@0.8.2) from the public registry (with fallback to tar extraction). Installing third-party packages at runtime is a standard approach for plugins but carries the usual supply-chain risk; the SKILL.md does not include a vetted source or homepage to audit the package contents.
Credentials
Requested credentials (Alibaba AccessKey ID/Secret or ECS RAM role, plus Dashscope API key) are relevant to the stated purpose. However, the SKILL requires broad OTS permissions (documented as AliyunOTSFullAccess / CreateInstance, UpdateInstance, etc.), which are high privilege. The skill recommends environment variables for secrets (good), but granting full Tablestore permissions or enabling public access should be considered carefully.
Persistence & Privilege
Skill is not marked always:true and is user-invocable; it will modify its own runtime environment (openclaw.json) and restart OpenClaw as part of setup, which is consistent with a plugin installer. No evidence it attempts to persist beyond normal plugin configuration or alter other skills' configs.
Assessment
This skill appears to do what it says, but take these precautions before installing: (1) Confirm you want the agent to create cloud resources—do not proceed until you explicitly allow auto-provisioning. (2) Prefer using an ECS RAM role with least-privilege policies over long-lived AccessKeys; if you must use AccessKeys, create a limited service account and avoid giving full account-wide privileges. (3) Review the npm package @tablestore/openclaw-mem0@0.8.2 (author, homepage, and recent releases) before installing; installing unreviewed packages at runtime is a supply-chain risk. (4) Be aware the setup may enable public internet access for a Tablestore instance if VPC endpoints fail—this increases exposure. (5) Never paste secrets into chat; use the agent's interactive prompt to supply credentials and prefer environment variables or short-lived credentials. (6) Because the skill metadata lacks a homepage and the publisher is unknown, exercise additional caution and verify package provenance and the RAM policy requirements before proceeding.Like a lobster shell, security has layers — review code before you run it.
latestvk973z5p25yxvjmn718ha6yqp7d84eb37
License
MIT-0
Free to use, modify, and redistribute. No attribution required.