Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Long Term Memory 长期记忆

v2025.4.15

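Long-term memory management system - helps AI and users manage, store, and retrieve long-term memories. Supports memory categorization, tag management, importance scoring, automatic compression, and cross-session memory retention. Suited to scenarios that require long-term information tracking, knowledge-base building, and maintaining historical context.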

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto · Can make purchases · Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
!
Purpose & Capability
Most code files (memory_store, memory_search, memory_compressor) implement the described long-term memory functionality and use a workspace directory for storage, which is coherent. However, the bundle also contains a SkillPay billing module (payment.py), and _meta.json declares payment env variables while the registry summary earlier listed none. Requiring a billing integration is not inherently inconsistent, but the way it is implemented (hardcoded API key) is unexpected and disproportionate for a pure memory helper. SKILL.md also references tools (memory_organizer.py, memory_sync.py) that are not present in the package, which is an inconsistency.
!
Instruction Scope
SKILL.md stays mostly in scope (how to store/search/compress memory files) and gives CLI usage examples. But it advertises a per-call charge and asks users to ensure balance without explaining how payment is enforced at runtime. The included payment.py can enforce payment, yet none of the memory scripts import or call it, so it is unclear when or where payments are checked. SKILL.md also references components that are missing from the package, which leaves the skill's runtime behavior unclear.
Install Mechanism
There is no external install step (instruction-only with included scripts), so nothing is downloaded at install time, which lowers supply-chain risk. However, the package contains executable scripts that read and write files under /root/.openclaw/workspace when run, so executing them locally can change the filesystem.
!
Credentials
_meta.json claims SkillPay integration and names SKILLPAY_API_KEY and SKILLPAY_USER_ID environment variables, but the registry metadata at the top declared no required env vars — a mismatch. payment.py in fact uses an environment variable SKILLPAY_USER_ID but also contains a hardcoded BILLING_API_KEY secret literal in the source. Hardcoded credentials are unexpected and excessive for a memory-management skill and pose an exfiltration / misuse risk.
Persistence & Privilege
The skill does not request always:true and is user-invocable; it is allowed to be invoked autonomously (normal). It creates and modifies files under a workspace directory (default /root/.openclaw/workspace) which is typical for a persistence-oriented skill, but you should confirm that path is appropriate on your host. The skill does not appear to modify other skills or system-wide configurations.
Scan Findings in Context
[hardcoded_api_key] unexpected: payment.py contains a literal BILLING_API_KEY value. A memory-management skill may require billing, but embedding a provider API key in code is unexpected and risky (credential leakage, unauthorized use).
[metadata_env_mismatch] unexpected: _meta.json indicates SKILLPAY_API_KEY and SKILLPAY_USER_ID are required and billing is required, but the top-level registry metadata lists no required env vars; SKILL.md does not document how to supply these credentials. This inconsistency makes it unclear which credentials will actually be used.
[referenced_missing_files] unexpected: SKILL.md lists tools memory_organizer.py and memory_sync.py, but those files are not present in the package. That gap could lead to runtime errors or unclear behavior.
What to consider before installing
This skill mostly implements what it says (storing, searching, compressing memory files) but has several red flags you should resolve before installing or running it:
1) Do not trust the hardcoded BILLING_API_KEY in payment.py: it is sensitive and could indicate accidental key leakage or malicious use. Ask the publisher to remove the embedded key and require a configurable secret (and to document which env vars are required).
2) Clarify how billing is enforced: which scripts call payment.py, which environment variables are required (SKILLPAY_API_KEY vs SKILLPAY_USER_ID), and provide a clear, documented payment flow.
3) Verify missing referenced scripts (memory_organizer.py, memory_sync.py) or remove references to them.
4) Be aware the scripts read/write files under /root/.openclaw/workspace by default; run in a sandbox or set base_dir to a safe path and audit file contents before giving the skill access to sensitive data.
If you cannot get satisfactory answers from the skill author, avoid installing or running it, especially on systems with sensitive data or credentials.
