Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
NOVA Memory
v1.0.1AI Agent 三层记忆架构系统。用于构建具有长期记忆能力的 AI 助手。 触发条件:(1) 用户询问记忆系统设计或架构 (2) 需要为 AI Agent 构建记忆能力 (3) 提及"记忆系统"、"情景记忆"、"语义记忆"、"NOVA"、"记忆维护"等相关概念
⭐ 0· 314·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The declared purpose (three-layer memory for an AI agent) aligns with creating/reading/writing workspace files (memory/, identity/, MEMORY.md) and maintaining indexes. However the SKILL.md also references absolute system paths (e.g., /root/.openclaw/restart-context.json, /root/.openclaw/workspace) and suggests modifying AGENTS.md and placing files into ~/.openclaw/workspace/skills/ — using root/home-level paths and agent config files is plausible for an on-host memory implementation but broader than strictly necessary and should be justified.
Instruction Scope
Instructions tell the agent to read system/agent files (restart-context.json, USER.md), run a node script (node skills/self-iterator/iterate.js), perform git commits, and configure cron jobs for weekly maintenance. These are beyond read-only queries: they involve modification, scheduled persistent execution, and accessing files outside a narrowly scoped workspace. The referenced script/files are not provided in the skill bundle, giving the agent broad discretion to execute unspecified actions.
Install Mechanism
There is no install spec and no code files — the skill is instruction-only, which minimizes install-time risk (nothing is downloaded or written by an installer as part of the skill package).
Credentials
No environment variables or credentials are declared, yet the content references integration details (Feishu doc tokens extracted from URLs) and system identity info. The absence of declared required credentials is an inconsistency: the skill implies handling tokens but does not declare or constrain how secrets are provided or accessed.
Persistence & Privilege
The SKILL.md instructs persistent changes (writing/updating memory files, updating MEMORY.md, committing via Git, adding cron tasks, editing AGENTS.md) which gives the skill an ongoing presence on the host. Although always:false and the skill is user-invocable, these instructions would create scheduled autonomous behavior and filesystem persistence if followed — a legitimate memory implementation can require this, but it increases risk and should be explicitly consented to and auditable.
What to consider before installing
This skill is an instruction-only blueprint for a file-based long-term memory. Before installing or running it: (1) Inspect and vet all file paths it will read/write (notably /root/.openclaw/* and ~/.openclaw/*) because those may contain sensitive data or credentials. (2) Note it asks you to add cron jobs and perform git commits — these create persistent, recurring behavior; only allow them if you trust the author and understand the exact commands. (3) The SKILL.md references running a node script (skills/self-iterator/iterate.js) and Feishu token extraction but does not include those scripts or declare credentials — confirm where those scripts come from and how secrets will be provided. (4) If you want to use it, test in a sandbox or non-production account, back up existing AGENTS.md and workspace files, and require explicit review/approval before applying cron edits or committing changes. Additional information that would raise confidence to high: a provided implementation (code) to review, explicit list of files/commands the skill will run, and a justification for reading any root-level paths or external credentials.Like a lobster shell, security has layers — review code before you run it.
latestvk977t0astc7wmm07tb0tqb5e4x82fy30
License
MIT-0
Free to use, modify, and redistribute. No attribution required.