Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Awareness Memory
v0.3.7
Persistent memory across sessions — local-first, no account needed. Automatically recalls past decisions, code, and tasks before each prompt, and saves sessi...
by Awareness @edwin-hao-ai
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
high confidence
Purpose & Capability
The skill claims 'local-first, no account needed' and 'never reads/stores/transmits file contents or credentials beyond its own API key', but the included scripts clearly call an external API (default awareness.market), read workspace files (MEMORY.md, memory/*.md) and OpenClaw session JSONL files, and upload that content to the remote endpoint (scripts/import.js, scripts/recall.js). The requirement of only 'node' is plausible, but the requested filesystem and network access is broader than the high-level description implies.
Instruction Scope
Runtime hooks run recall.js before each prompt, which sends the prompt to the configured Awareness endpoint; import.js scans and sends local MEMORY.md, recent daily logs, and session JSONL files to the remote memory API; poll-auth.js spawns a background poller and patches ~/.openclaw/openclaw.json. These behaviors go beyond simple 'injecting short context' and contradict the SKILL.md claim that it does not capture file contents or environment variables.
Install Mechanism
There is no download/install spec — the skill is provided as scripts and SKILL.md and requires only node on PATH. No remote installers or archive downloads were found in the manifest, which reduces supply-chain risk compared with arbitrary URL installs.
Credentials
requires.env is empty, yet the scripts read and write files in the user's HOME (e.g., ~/.awareness/, ~/.openclaw/), consult environment variables (HOME, PWD, CLAUDE_PLUGIN_ROOT), and optionally write the API key and memory ID into files and (per SKILL.md) the shell profile. The skill will persist credentials/config in user config files and can optionally modify other plugin config entries; this is more privileged than the declared requirements imply.
Persistence & Privilege
The skill spawns a detached background poller (poll-auth.js) during device auth, writes cache and credential files under ~/.awareness/, creates a migration marker in the workspace, and directly patches the global OpenClaw config (~/.openclaw/openclaw.json) to store apiKey/memoryId and to add entries for plugins.entries['openclaw-memory']. Modifying other skills' or global config files is out of scope for a simple memory-injection skill and increases blast radius.
What to consider before installing
This skill will automatically send each prompt (and — if configured or during import — lots of local content) to a remote Awareness endpoint unless you run a local daemon. Notable concerns:
- scripts/import.js will read and upload MEMORY.md, daily logs under memory/, and recent session JSONL files (~/.openclaw/agents/...) to the remote API. That contradicts the SKILL.md 'no file contents captured' claim.
- Device auth will spawn a background poller (poll-auth.js) and write credentials/cache under ~/.awareness/ and will also patch ~/.openclaw/openclaw.json to insert API keys and plugin config (it modifies global agent/plugin config files).
- The recall hook runs before every prompt and sends the prompt text to the configured endpoint (default awareness.market) for semantic retrieval.
Before installing:
- Inspect the exact code (you have it) and confirm you trust the remote service (awareness.market) and the GitHub repo referenced.
- If you only want local-only behavior, run a local daemon and confirm recall.js uses local mode; test in an isolated environment first.
- Back up ~/.openclaw/openclaw.json and any other important config; consider running with a throwaway workspace to observe behavior.
- If you are uncomfortable with session or file uploads or global config modification, do not enable the skill or remove the import/poll-auth hooks and the import script before use.
If you want, I can list the exact lines/files that perform: (a) session and file reads and uploads, (b) writing/modifying ~/.openclaw/openclaw.json, and (c) the network endpoints called, to help a focused audit.
scripts/headless-auth.js:63
Shell command execution detected (child_process).
scripts/recall.js:62
Shell command execution detected (child_process).
scripts/shared.js:151
Shell command execution detected (child_process).
scripts/skills/awareness-memory/scripts/headless-auth.js:63
Shell command execution detected (child_process).
scripts/skills/awareness-memory/scripts/recall.js:62
Shell command execution detected (child_process).
scripts/skills/awareness-memory/scripts/shared.js:151
Shell command execution detected (child_process).
scripts/poll-auth.js:27
Environment variable access combined with network send.
scripts/recall.js:21
Environment variable access combined with network send.
scripts/shared.js:20
Environment variable access combined with network send.
scripts/skills/awareness-memory/scripts/poll-auth.js:27
Environment variable access combined with network send.
scripts/skills/awareness-memory/scripts/recall.js:21
Environment variable access combined with network send.
scripts/skills/awareness-memory/scripts/shared.js:20
Environment variable access combined with network send.
scripts/poll-auth.js:99
File read combined with network send (possible exfiltration).
scripts/recall.js:27
File read combined with network send (possible exfiltration).
scripts/shared.js:45
File read combined with network send (possible exfiltration).
scripts/skills/awareness-memory/scripts/poll-auth.js:99
File read combined with network send (possible exfiltration).
scripts/skills/awareness-memory/scripts/recall.js:27
File read combined with network send (possible exfiltration).
scripts/skills/awareness-memory/scripts/shared.js:45
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Runtime requirements
🧠 Clawdis
OS: macOS · Linux · Windows
Bins: node
