ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

memory_baidu_embedding_db

Semantic memory system using Baidu Embedding-V1 for secure, local vector storage and retrieval in Clawdbot with SQLite persistence.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 2.3k · 0 current installs · 0 all-time installs
by@xqicxx
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's files, SKILL.md and Python implementation all implement a Baidu Embedding → SQLite local memory system (consistent with the name). However the registry metadata declares no required environment variables while the documentation and code clearly require BAIDU_API_STRING and BAIDU_SECRET_KEY — an important metadata mismatch. The code also expects a sibling module (baidu-vector-db/baidu_embedding_bce_v3) by manipulating sys.path to /root/clawd/skills/baidu-vector-db/ which is not present in the provided manifest, indicating an unstated dependency.
!
Instruction Scope
Runtime instructions and included scripts (e.g., memory_skill_full_verification.sh, DISABLE_LANCEDB.md) reference absolute root paths (/root/clawd, /root/.nvm/...) and external components (git-notes memory, baidu-vector-db). The DISABLE_LANCEDB.md and example commands recommend renaming node_modules to disable a different extension — this modifies other installed components and goes beyond a memory plugin's narrow scope. Some docs/scripts also suggest echoing environment variables and adding secrets to shell rc files, which risks credential exposure in logs/terminal history.
Install Mechanism
There is no automated install spec (no downloads or package installs). All code is shipped in the skill bundle, so no remote fetch occurs during install. That lowers install-time supply-chain risk. However, the code expects additional local modules (baidu-vector-db) which are not included.
!
Credentials
The skill legitimately needs Baidu API credentials for embeddings (BAIDU_API_STRING and BAIDU_SECRET_KEY), which is proportionate to its stated purpose. But the skill metadata fails to declare these environment variables as required, and multiple files instruct printing or persisting the secrets in shell rc files (echo $BAIDU_SECRET_KEY, writing export lines to ~/.bashrc) — practices that increase the risk of credential exposure. No other unrelated credentials are requested.
!
Persistence & Privilege
The skill does not set always:true and allows normal autonomous invocation. However included docs/scripts instruct modifying other system components (disabling memory-lancedb by renaming its directory under /root/.nvm) and reference system-wide paths (Git repo at /root/clawd). Those actions impact other skills and system state beyond the skill's own files and therefore raise privilege/persistence concerns.
What to consider before installing
This package appears to implement a Baidu-embedding local memory system and will need your Baidu Qianfan API credentials (BAIDU_API_STRING, BAIDU_SECRET_KEY). Before installing: 1) Note the metadata omission — the registry did NOT declare the required env vars even though the code and docs require them; don't assume the platform will prompt for those keys. 2) Inspect and confirm the presence of the referenced sibling module (baidu-vector-db / baidu_embedding_bce_v3) or supply a vetted implementation; the skill appends absolute /root paths to sys.path which may not exist in your environment. 3) Be cautious about the scripts that reference /root paths and suggest renaming other modules to disable memory-lancedb — those instructions modify other system components and could break other extensions; back up anything you might change. 4) Avoid pasting secrets into shell history or committing them to ~/.bashrc; prefer a secrets manager or restricted-permission files. 5) Test in an isolated environment (container or VM) first to observe filesystem interactions and network calls, and consider reviewing the entire codebase for any hard-coded paths or logging of secrets. If you want to proceed but lack the expertise, ask the maintainer to: declare required env vars in metadata, remove/parameterize absolute /root paths, and remove instructions that modify other extensions.

Like a lobster shell, security has layers — review code before you run it.

Current versionv2.0.1
Download zip
latestvk971yscv7ka2c404xye00410xs80gmnq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Memory Baidu Embedding DB - Semantic Memory for Clawdbot

Vector-Based Memory Storage and Retrieval Using Baidu Embedding Technology

A semantic memory system for Clawdbot that uses Baidu's Embedding-V1 model to store and retrieve memories based on meaning rather than keywords. Designed as a secure, locally-stored replacement for traditional vector databases like LanceDB.

🚀 Features

  • Semantic Memory Search - Find memories based on meaning, not just keywords
  • Baidu Embedding Integration - Uses Baidu's powerful Embedding-V1 model
  • SQLite Persistence - Local, secure storage without external dependencies
  • Zero Data Leakage - All processing happens locally with your API credentials
  • Flexible Tagging System - Organize memories with custom tags and metadata
  • High Performance - Optimized vector similarity calculations
  • Easy Migration - Drop-in replacement for memory-lancedb systems

🎯 Use Cases

  • Conversational Context - Remember user preferences and conversation history
  • Knowledge Management - Store and retrieve information semantically
  • Personalization - Maintain user-specific settings and preferences
  • Information Retrieval - Find related information based on meaning
  • Data Organization - Structure memories with tags and metadata

📋 Requirements

  • Clawdbot installation
  • Baidu Qianfan API credentials (API Key and Secret Key)
  • Python 3.8+
  • Internet connection for initial API calls

🛠️ Installation

Manual Installation

  1. Place the skill files in your ~/clawd/skills/ directory
  2. Install dependencies (if any Python packages are needed)
  3. Configure your Baidu API credentials

Configuration

Set environment variables:

export BAIDU_API_STRING='${BAIDU_API_STRING}'
export BAIDU_SECRET_KEY='${BAIDU_SECRET_KEY}'

🚀 Usage Examples

Basic Usage

from memory_baidu_embedding_db import MemoryBaiduEmbeddingDB

# Initialize the memory system
memory_db = MemoryBaiduEmbeddingDB()

# Add a memory
memory_db.add_memory(
    content="The user prefers concise responses and enjoys technical discussions",
    tags=["user-preference", "communication-style"],
    metadata={"importance": "high"}
)

# Search for related memories using natural language
related_memories = memory_db.search_memories("What does the user prefer?", limit=3)

Advanced Usage

# Add multiple memories with rich metadata
memory_db.add_memory(
    content="User's favorite programming languages are Python and JavaScript",
    tags=["tech-preference", "programming"],
    metadata={"confidence": 0.95, "source": "conversation-2026-01-30"}
)

# Search with tag filtering
filtered_memories = memory_db.search_memories(
    query="programming languages",
    tags=["tech-preference"],
    limit=5
)

🔧 Integration

This skill integrates seamlessly with Clawdbot's memory system as a drop-in replacement for memory-lancedb. Simply update your configuration to use this memory system instead of the traditional one.

📊 Performance

  • Vector Dimension: 384 (Baidu Embedding-V1 output)
  • Storage: SQLite database (~1MB per 1000 memories)
  • Search Speed: ~50ms for 1000 memories (on typical hardware)
  • API Latency: Depends on Baidu API response time (typically <500ms)

🔐 Security

  • Local Storage: All memories stored in local SQLite database
  • Encrypted API Keys: Credentials stored securely in environment variables
  • No External Sharing: Memories never leave your system
  • Selective Access: Granular control over what gets stored

🔄 Migration from memory-lancedb

  1. Install this skill in your skills/ directory
  2. Configure your Baidu API credentials
  3. Initialize the new system
  4. Update your bot configuration to use the new memory system
  5. Verify data integrity and performance

🤝 Contributing

We welcome contributions! Feel free to submit issues, feature requests, or pull requests to improve this skill.

Files

27 total
Select a file
Select a file to preview.

Comments

Loading comments…