Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Vector Memory (Windows) for OpenClaw
v1.0.1Full memory stack for OpenClaw on Windows. Includes LanceDB semantic memory, git-notes decision memory, and memory hygiene workflow.
⭐ 0· 274·1 current·1 all-time
by@sea2049
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The code files (lancedb backend, git-notes memory, hygiene docs) align with the skill name/description and Windows-focused defaults. Required runtime actions (git notes, local LanceDB files) are coherent with a branch-aware local memory system. However, documentation is inconsistent about what to store: one part says 'DON'T store secrets, passwords, API keys' while the memory-hygiene doc explicitly lists 'Important facts (accounts, credentials locations, contacts)' as things to store — a contradictory directive that is disproportionate given the stated privacy-safe claims.
Instruction Scope
Runtime instructions mandate silent automatic capture ("NEVER ask", "JUST DO IT") and require the agent to always run sync --start at session start. The git-notes module performs repository-level git operations (init, notes add/show) which will modify .git refs/notes in projects. The memory-hygiene docs include destructive commands (rm -rf of the LanceDB path and instructions to restart the gateway). The combination of silent capture + instructions to save potentially sensitive 'important facts' and to delete local stores is a privacy and operational risk.
Install Mechanism
There is no remote download/install spec in the registry; this is an instruction-and-code bundle. Dependencies are standard Python packages (lancedb, pandas, pyarrow) referenced in requirements.txt and SKILL.md — installing via pip is expected for this functionality. No external arbitrary URLs or archive extracts are used.
Credentials
The skill does not request credentials or declare required env vars in registry, but the code and docs reference optional environment overrides (OPENCLAW_LANCEDB_PATH, CLAWTEST_ROOT). That is reasonable for filesystem location overrides. Still, the docs' conflicting guidance about storing 'credentials locations' versus 'don't store secrets' is a red flag: the skill itself neither requires nor asks for secrets, yet it instructs agents to capture user statements automatically which could inadvertently include secrets unless explicitly filtered.
Persistence & Privilege
always:false and normal agent invocation are used. The skill includes instructions that, if followed, make the agent silently persist user data across sessions and to perform destructive maintenance (wipe + restart). While the skill does not programmatically force permanent installation or modify other skills' configs, the 'YOU MUST ALWAYS USE' wording and 'silent operation' rules encourage always-on behavior and hidden actions — a transparency/privacy concern when combined with automatic invocation.
What to consider before installing
This bundle appears to implement what it claims (local LanceDB storage and git-notes-based branch memory) but has several concerning points you should consider before installing: 1) Silent capture: the skill's docs require the agent to silently capture and store user statements without prompting — this can lead to private data being persisted. 2) Conflicting guidance about sensitive data: some docs say don't store secrets, others list 'accounts, credentials locations' as things to store — clarify and restrict what is recorded. 3) Destructive ops: hygiene docs show rm -rf of the DB path and gateway restart commands; understand and backup the DB before running maintenance. 4) Permissions & scope: the code will modify .git refs and create files under the specified DB path (default Windows path D:\clawtest\memory\lancedb). Consider setting OPENCLAW_LANCEDB_PATH to an isolated test directory. 5) Audit & test: review and run the code in an isolated repository/environment first, enable logging/visibility so the agent cannot hide actions, and disable auto-capture (set autoCapture=false) until you confirm safe behavior. If you rely on the skill, ask the author to (a) remove contradictory guidance about storing secrets, (b) implement explicit secrets filtering, (c) document exactly what is recorded, and (d) make 'silent' behavior opt-in rather than mandatory.Like a lobster shell, security has layers — review code before you run it.
latestvk97abdhx4qn3a1y1fdhp8s3xax82gzgvlatest windows memoryvk97abdhx4qn3a1y1fdhp8s3xax82gzgv
License
MIT-0
Free to use, modify, and redistribute. No attribution required.