Skillv1.0.0

ClawScan security

中式智慧记忆引擎 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 23, 2026, 1:09 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code and runtime instructions generally match a 'long-term memory' feature, but there are notable inconsistencies and missing pieces (declared requirements vs SKILL.md, no install spec despite shipped code, reliance on another skill's setup script and Docker) that warrant caution before installing.
Guidance: Before installing: 1) Confirm which requirements are authoritative (the registry metadata or SKILL.md). SKILL.md requests Docker and an LLM_API_KEY — only provide the key if you trust the skill and understand how it will be used. 2) Inspect the referenced setup script (~/.openclaw/skills/mflow-memory/scripts/setup.sh) before running it; it may run containers or arbitrary commands. 3) Review bundled code (already included) and any scripts for network calls or unexpected behavior; the provided modules store data in ~/.mflow-memory-cn — consider privacy implications. 4) Ensure required Python packages (e.g., python-dateutil) will be installed securely or preinstall them in a controlled environment. 5) If you are unsure, run the skill in a sandboxed environment (isolated user account or container) or ask the author for an explicit install manifest and a reproducible, auditable installation script. If you need, I can list the exact files/lines to inspect in the setup script or check the truncated parts of wisdom_engine.py for external network calls.

Review Dimensions

Purpose & Capability: noteThe skill's name/description (a culturally‑aware long‑term memory engine) matches the included Python modules (memory store, promise tracker, relationship manager, timing, wisdom). Requiring an LLM API key and Docker (as declared in SKILL.md) is plausible for enhanced inference and installing the original M-flow, but the registry metadata shown at the top lists no required env vars or binaries — that is inconsistent. The skill also declares 'extends: mflow-memory' (depends on another skill); this dependency is reasonable but should be explicit in registry metadata.
Instruction Scope: concernSKILL.md instructs running an external setup script: bash ~/.openclaw/skills/mflow-memory/scripts/setup.sh (i.e., running code from another skill's path). That script could execute arbitrary actions on the host. The instructions ask the agent to use Docker and to enhance/augment the original mflow-memory installation; they do not instruct reading unrelated system files, but directing the agent to run a local setup script in the user's skill directory is a high‑impact operation and should be audited before running.
Install Mechanism: concernThere is no formal install spec even though multiple Python source files are bundled. The SKILL.md requires Docker and calls an external setup script from ~/.openclaw/skills/mflow-memory/scripts/setup.sh (which may not exist and could perform arbitrary installs). Lack of a documented, reproducible install step (and shipping code without package/dependency metadata) increases risk because it's unclear how these files will be deployed/executed and what additional components (containers, pip packages) will be installed.
Credentials: noteSKILL.md declares LLM_API_KEY which is proportionate for a memory engine that may call a language model. No other credentials are requested. However, the registry summary earlier listed no required env vars (mismatch). The Python code shown writes data under the user's home (~/.mflow-memory-cn) and uses third‑party libraries (e.g., dateutil) that are not declared in the skill metadata — missing dependency declarations are a practical/deployment concern and could cause the skill to attempt to install packages at runtime.
Persistence & Privilege: noteThe skill does not request always:true and appears to store data only under ~/.mflow-memory-cn (per-module files). That is expected for a memory system. However, the runtime instructions to run another skill's setup script and use Docker imply the ability to alter system state and install services/containers; combining persistent storage with external setup scripts increases the blast radius and should be reviewed.