Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Conversation Archive
v1.0.0对话记忆仓库:自动归档 session 对话,保留原始记录,支持检索和误解纠正。可与 memory-never-forget 联动形成完整记忆体系。
⭐ 0· 63·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description match a conversation archiver. The included Python script (scripts/archive_session.py) legitimately implements session archiving to ~/.openclaw/workspace/conversation_archive and index updates, which is coherent with the stated purpose. However the SKILL.md claims broader capabilities (search_archive, get_session, extract_memories, embeddings integration, automatic handoff to memory-never-forget) that are not implemented in the code bundle — this is an inconsistency (documentation promises features that do not exist).
Instruction Scope
SKILL.md describes runtime tools and flows for archive_session, search_archive, get_session, extract_memories, retention rules, sensitive-data scanning/desensitization, and automated integration with memory-never-forget. The shipped code only contains a local archiver that writes a summarized archive (not the messages) and updates index.json. There is no implementation of search/get/extract/embeddings/cleanup/scanning, nor any code that integrates with other skills. The skill's instructions therefore give the agent capabilities it won't actually have, and assert privacy/sanitization behavior that the code does not perform.
Install Mechanism
No install spec and only a small Python script are included. There are no network downloads or third-party packages installed by the skill, which keeps install risk low. The script writes files to a per-user path (~/.openclaw/workspace/conversation_archive).
Credentials
The skill requests no environment variables or external credentials (proportional). However SKILL.md repeatedly claims not to store API keys/tokens and says messages are scanned/desensitized and subject to retention rules; the script does not implement sensitive-data scanning, does not store messages in the archive JSON, and does not implement retention or purging logic. That discrepancy affects privacy expectations and should be clarified.
Persistence & Privilege
always is false and the skill does not request elevated privileges. It creates and writes files under the user's home (~/.openclaw/workspace/conversation_archive) which is expected for a local archive. It does not modify other skills or global agent settings. Users should still be aware that session data will be written to disk.
What to consider before installing
This skill's documentation promises search, retrieval, embeddings, retention policies, desensitization, and integration with another memory skill, but the included code only provides a simple local archiver that writes summarized metadata and an index to ~/.openclaw/workspace/conversation_archive. Before installing or using it: (1) treat any archived session data as potentially sensitive because the code does not implement the advertised sensitive-data scanning or retention/cleanup; (2) if you need search/get/extract features or integration, request or review the implementation for those functions — they are missing; (3) inspect and, if necessary, modify the script to include proper redaction, retention enforcement, and access controls; (4) run it in a safe environment first and verify file locations, contents, and behavior; (5) avoid using it in production for sensitive conversations until the missing features and privacy guarantees are implemented and code-reviewed.Like a lobster shell, security has layers — review code before you run it.
latestvk978x3axhprbe0zv4brhggfb2h84cmxw
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
💬 Clawdis