ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

simple-memory-skill

v1.0.0

Zero-dependency AI memory system. No API keys needed. Pure local storage with smart search. Works everywhere.

2· 508·1 current·1 all-time
bySilas@shianaixuexi-cell
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (local memory, no API keys) align with the code and CLI: package.json, bin scripts, and lib/memory-core.js implement local filesystem-based storage and local TF‑IDF search. The skill does not request unrelated env vars, binaries, or config paths.
Instruction Scope
SKILL.md instructs agents to read and update SESSION-STATE.json, run the memory-* CLI commands, and to add explicit text to their system prompt (so the agent uses the CLI). This is expected for integrating a local memory system, but it is also a prompt-injection style instruction: it instructs the model to change its behavior and to always write memory before responding. That behavior is coherent with the skill's goal, but users should be aware it encourages automatic writing of user-supplied data to disk (which may include sensitive content) and that adding the provided text verbatim to a system prompt gives the skill a persistent influence on agent behavior.
Install Mechanism
Registry metadata lists no install spec, but package.json and bin scripts are included so normal installation would be via npm (npm install -g). There are no downloads from arbitrary URLs, no extract-from-URL steps, and the code is plain Node.js files. This is low-risk from an install-mechanism perspective.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The code uses only local filesystem access (memories/, SESSION-STATE.json, MEMORY.md) which is necessary and proportionate for a local memory tool.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills or system-wide agent settings. It writes files inside the user's project directory (its intended scope). Autonomous invocation is permitted by default but is not in itself unusual; note that integrating the SKILL.md recommendations into an agent's system prompt increases the chance the agent will use these tools automatically.
Scan Findings in Context
[system-prompt-override] expected: The SKILL.md explicitly tells integrators to add directives to system prompts (e.g., 'Read SESSION-STATE.json before responding'), which the regex scanner flagged as a system-prompt-override pattern. This instruction is expected for integrating a local memory capability, but it also amplifies the agent's authority to modify behavior — review before applying verbatim.
Assessment
This package appears to be what it says: a local filesystem-based memory CLI implemented in plain Node.js. Before installing or integrating: 1) Inspect where it will write data (SESSION-STATE.json, MEMORY.md, memories/*.json) and decide whether those files may contain sensitive information; consider enabling file-level encryption or excluding them from backups if needed. 2) Do not blindly paste the SKILL.md system-prompt text into shared or high-privilege agent prompts — adding those directives gives the agent persistent instructions to read/write local memory and to 'always write before responding', which could cause accidental storage of secrets. 3) If you install via npm, prefer installing from a trusted registry (or review the package tarball) since the registry entry here has no install spec; verify author/source if provenance matters. 4) Backups (memory-export/import) can export all stored content — treat exported files like sensitive data. Overall the skill is coherent and local-only, but handle stored memories and prompt changes thoughtfully.
!
SKILL.md:125
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b53rbtz7jj9hz0tf953aqt982zmw2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments