ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Core Capabilities V2

v2.0.1

工作助手核心能力集成包 - 包含 Obsidian/Git 同步、记忆数据库、自然语言查询工具、监控页面等完整能力。提供 memory_query_agent.py 工具和完整文档。

0· 66·0 current·0 all-time
by@awublack

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for awublack/core-capabilities-v2.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Core Capabilities V2" (awublack/core-capabilities-v2) from ClawHub.
Skill page: https://clawhub.ai/awublack/core-capabilities-v2
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install core-capabilities-v2

ClawHub CLI

Package manager switcher

npx clawhub@latest install core-capabilities-v2
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The package claims Obsidian/Git sync, memory DB, query tool and monitoring and does include a memory agent, monitor server and cron script. However the pieces are inconsistent: memory_query_agent.py uses a memory directory and memory.db colocated with the script, while monitor_server.py expects files under a hardcoded WORKSPACE = /home/awu/.openclaw/workspace. That mismatch suggests sloppy design or an assumption about the runtime environment that isn't declared in the skill metadata.
!
Instruction Scope
Runtime behavior includes reading local markdown files and an SQLite database and returning full 'content' fields via an HTTP API. monitor_server.py binds a TCPServer to "" (all interfaces) and sets Access-Control-Allow-Origin: *, making potentially sensitive memory content reachable from the network. The server also runs os.system('cd WORKSPACE && python3 cron_monitor.py ...'), invoking an arbitrary script in that workspace. These actions go beyond a simple local query tool and can expose or execute unverified code.
Install Mechanism
There is no formal install spec (lowest risk from registry perspective). However the package includes setup_cron.sh which, if run, will modify the user's crontab to run the agent every 30 minutes. That is a local persistence mechanism and should be considered a privileged operation that the user must consciously approve.
!
Credentials
The skill declares no required environment or credentials, but monitor_server.py hardcodes access to /home/awu/.openclaw/workspace and expects cron_monitor.py and memory.db there. The code will read workspace files (cron_status.json, memory.db, html) and may execute workspace scripts. These implicit accesses to a user workspace are not declared and could expose unrelated/secret files.
!
Persistence & Privilege
The skill does not set always:true, but it ships with a script that, when executed by the user, will add a cron job to persistently run the agent. The monitoring server also opens a network service (binds to all interfaces by default). Combined, these allow ongoing background access to local memories and network exposure if the user accepts the setup script.
What to consider before installing
This package implements the advertised features but contains risky defaults and inconsistencies. Before installing or running: (1) Inspect memory_query_agent.py, monitor_server.py and setup_cron.sh locally to confirm where data will be read/written. (2) Note monitor_server.py uses WORKSPACE = /home/awu/.openclaw/workspace (hardcoded) — change this to a safe directory or the script's directory if you plan to run it. (3) The monitor binds to all network interfaces and sets CORS to '*', and /api/memories returns full memory content — run it only on localhost or behind firewall, or change the server to bind to 127.0.0.1. (4) The server executes cron_monitor.py in that workspace via os.system; ensure that file is trusted before allowing it to run. (5) Do not run setup_cron.sh unless you want a persistent cron job; prefer running the agent manually or create a containerized/sandboxed environment for testing. (6) Consider backing up and scanning the memory.db for sensitive data before exposing it externally. If you want, I can list the exact lines that show the hardcoded path, the os.system call, and the HTTP/CORS exposure to help you modify the code safely.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b4y1mm3fsxq023z5hqfe20n84psf4
66downloads
0stars
2versions
Updated 2w ago
v2.0.1
MIT-0
@awublack
latest
Download

Core Capabilities v2 - 工作助手核心能力完整包

本技能包整合了工作助手的所有核心能力,提供完整的工具集、查询能力和使用指导。

📦 包含工具

  • memory_query_agent.py - 自然语言记忆查询工具
  • monitor_server.py - Web 监控服务器
  • setup_cron.sh - Cron 配置脚本

🎯 核心能力

  1. 🧠 Obsidian 和 Git 同步 - 完整的文件管理和版本控制
  2. 📊 记忆数据库 - SQLite 存储 + 自动同步(24 条记录)
  3. 🔍 自然语言查询 - 中文智能查询
  4. 📈 监控页面 - Web 实时监控

🚀 使用

# 查询记忆
python3 memory_query_agent.py "最近的记录"

# 交互模式
python3 memory_query_agent.py -i

# 查看状态
python3 memory_query_agent.py --sync-status

📊 状态

  • 数据库:24 条记录
  • 同步:每 30 分钟
  • 监控:8003 端口

💡 示例

用户:我们有哪些能力?
助手:我们有四大核心能力...

版本: 2.0.0
创建: 2026-04-12

Comments

Loading comments...