Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Trident Memory System

v1.0.0

Three-tier persistent memory architecture for OpenClaw agents with daily episodic logs, curated long-term memory, semantic recall, and WAL-based continuity w...

by Shiva&G @shivaclaw
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto · Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (three-tier memory, WAL, Qdrant, Git backups) align with the instructions and docs. However the registry metadata declares no required environment variables or credentials while the documentation repeatedly references GitHub SSH, Hostinger API snapshots, Qdrant API keys and embedding credentials — optional features that clearly require secrets. This mismatch between claimed 'no required env vars' and documented external integrations is a notable inconsistency.
! Instruction Scope
Runtime instructions tell the agent to create a memory directory structure, schedule a recurring 'Layer 0.5' cron job, copy/execute a user-facing AGENT-PROMPT.md template, and (optionally) connect to external services (Qdrant, FalkorDB, GitHub, Hostinger). The docs also indicate the template is auto-approved on activation. Creating cron jobs and executing templated routing logic gives the plugin persistent autonomy and the ability to process messages regularly; that scope is legitimate for a memory plugin but increases risk and should be explicit to the user. The SKILL.md instructs reading/writing only to memory/ but also references reading openclaw.json and system cron; the instructions are not vague but the impact (scheduled execution & network I/O when optional features enabled) requires explicit confirmation and review.
Install Mechanism
There is no install spec in the registry (instruction-only), but multiple code and manifest files (index.ts, package.json, plugin-manifest.json, scripts referenced in docs) are present. That is not malicious by itself, but means actual behavior will depend on plugin code (not visible to the installer until inspected). Because cron jobs and activation scripts are documented, users should audit those scripts (activate/install) before running them. No external download URLs with high-risk patterns are present in SKILL.md.
! Credentials
The package metadata lists no required env vars, yet the docs and config.schema reference API keys and secrets (qdrant_api_key, falkordb_graph_key, GitHub SSH for backups, Hostinger API). The Completion/README also explicitly says 'API keys expected from environment.' Requesting access to SSH/API credentials for backups and vector services would be proportionate to the plugin's optional features — but the registry should declare them. The absence of declared required env vars is inconsistent and could cause surprise credential exposure at runtime if the plugin looks up environment variables not documented in the registry.
Persistence & Privilege
always:false (normal). The plugin intends to create files under the workspace memory directory, install a cron job for Layer 0.5, and (optionally) initialize Git backups. Those are expected for a persistent memory system but are persistent actions with potentially wide impact (scheduled tasks, file writes, backups to remote services). This is expected functionality, but the user should confirm exactly how cron is scheduled (system vs user cron), under which user identity it runs, and what network access the cron job will have.
Scan Findings in Context
[pre-scan:none] expected: The static pre-scan reported no injection or regex hits. That does not guarantee safety — code files exist (index.ts, scripts referenced in docs) and should be audited, but no automated patterns were flagged.
What to consider before installing
This plugin appears to implement the described three-tier memory system, but there are several things you should verify before installing:
- Inspect the plugin code (index.ts, scripts/install.sh, scripts/activate.sh or equivalent) before activation to see exactly what is scheduled and what runs as a cron job. Confirm whether cron uses the system crontab or a user-level scheduler and which user account will run it.
- Confirm which environment variables or credentials the plugin will read at runtime. The docs reference Qdrant API keys, FalkorDB keys, GitHub SSH, and Hostinger API — but the registry metadata lists none. If you plan to enable backups or semantic recall, prepare secrets and verify where/how they are stored and transmitted.
- Review the activation behavior for 'auto-approve' of the AGENT-PROMPT.md template. The docs say activation auto-approves the template; prefer to manually verify template integrity and run template-verify before enabling scheduled runs.
- If you will use GitHub/Hostinger backups, check code that performs the backup to ensure it only uploads the intended files and that SSH/private keys or API tokens are used in a limited, explicit way. Ideally use a deploy key or service token with minimal scope.
- Run the plugin in a sandboxed or non-production workspace first (backup your existing memory), and confirm the audit logs and template verification features work as advertised. Disable optional networked features (Qdrant/Git backup/Hostinger) until you have audited credential handling.
If you want, I can list the specific files and lines to inspect (index.ts, plugin-manifest.json, any referenced install/activate scripts) and summarize any network endpoints or exec calls I find.

Like a lobster shell, security has layers — review code before you run it.


Runtime requirements

🕉️ Clawdis
