ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Correlation Memory Search

v2.1.0

Correlation-aware memory search plugin for OpenClaw — automatically retrieves related decision contexts when you query memory. Zero external dependencies. In...

0· 109·0 current·0 all-time
byaustrian_guy@ether-btc

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for ether-btc/correlation-memory.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Correlation Memory Search" (ether-btc/correlation-memory) from ClawHub.
Skill page: https://clawhub.ai/ether-btc/correlation-memory
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install correlation-memory

ClawHub CLI

Package manager switcher

npx clawhub@latest install correlation-memory
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The stated purpose (fetch correlated memory contexts) is consistent with the repo contents (rules, examples, tools). However the docs/changelog mention webhooks, heartbeat integration and an included surfacing script (correlation-surfacing.sh) which implies proactive scanning and possible network/webhook interactions — this contradicts the SKILL.md/README assertion of 'no network' and 'zero external runtime dependencies'.
!
Instruction Scope
SKILL.md instructs cloning from GitHub and running npm install and installing as an OpenClaw plugin (expected). But the docs recommend heartbeat integration that invokes a provided script periodically (surfacing on every N heartbeats) which expands runtime behavior beyond just responding to explicit memory queries. Uninstall.sh edits OpenClaw config (writes) and accepts OPENCLAW_CONFIG_PATH — SKILL.md claimed 'read-only local file operations' for runtime, but the bundled scripts do perform writes (during uninstall) and the plugin repository contains scripts that read session context. The instructions also claim no env var usage while some scripts/docs mention environment variables and the uninstall script accepts one.
Install Mechanism
There is no platform-provided install spec in the registry, but SKILL.md instructs users to git clone https://github.com/ether-btc/openclaw-correlation-plugin.git and run npm install. GitHub is a common host and not inherently suspicious, but any git+npm install downloads code to disk and pulls packages from npm (package-lock.json is present). The skill's text claims 'zero external runtime dependencies' and that npm will only pull a peer dependency and devDeps — this should be verified by inspecting package.json / package-lock.json to confirm there are no runtime dependencies or postinstall scripts.
!
Credentials
Registry metadata lists no required env vars, and SKILL.md claims no credential or env access. But multiple docs reference environment variables: uninstall.sh honors OPENCLAW_CONFIG_PATH, CHANGELOG references 'Secrets via environment variables (not hardcoded)', and production docs talk about heartbeat scripts that will read session context (which may contain secrets). These contradictions mean the claim of 'no env/credential access' is not fully supported by the repo metadata; inspect code for process.env usage and any code that reads credential/config files.
Persistence & Privilege
The skill is not force-installed (always: false) and uses normal plugin lifecycle; it doesn't request global privileges in the registry metadata. However the repository encourages placing a surfacing script into your heartbeat loop (proactive periodic execution) and includes an uninstall script that modifies ~/.openclaw/openclaw.json — both behaviors increase runtime presence compared with a purely on-demand tool. This is explainable for this plugin's purpose but worth confirming you want periodic surfacing.
What to consider before installing
This package largely appears to implement the stated correlation-memory feature, but there are notable contradictions you should verify before installing: - Inspect index.ts (and any scripts under scripts/ or the repo root) for any network calls (http(s), WebSocket, fetch, axios, node 'net' or 'http' usage), webhook endpoints, or process.env access. The CHANGELOG mentions webhook HMAC behavior which conflicts with the 'no network' claim. - Open package.json and package-lock.json: confirm runtime dependencies are only the OpenClaw SDK peer dependency (and that npm won't pull unexpected runtime packages or postinstall scripts). Look for postinstall/postinstall scripts or unusual install hooks. - Grep the repo for suspicious strings: 'fetch(', 'require("http"', 'process.env', 'https://', 'WEBHOOK', 'HMAC', 'ssh', 'curl', 'scp', or IP addresses. If you find network code, identify where and why it runs (startup vs opt-in debug path). - Review uninstall.sh to understand exactly what it writes/backs up and whether you consent to those modifications. Test uninstall in a sandbox or staging OpenClaw config first. - If you require a strict 'no-network, no-environment' guarantee, do not install until index.ts and scripts are audited and you confirm no outbound network or secret-reading behavior. - Prefer installing from an authenticated source: verify the GitHub repo owner, check commit history/signatures, and validate the package contents (SHA) if available. The registry metadata lacks a homepage and source verification which lowers trust. If you want, I can: (1) show a prioritized checklist of exact grep commands to run locally, or (2) analyze the index.ts and uninstall.sh contents here if you paste them (or allow me to extract specific parts) and report any network/env/file-write operations I find.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cf5mqq3w4bf7xe4pm48t31s84wz6c
109downloads
0stars
3versions
Updated 1w ago
v2.1.0
MIT-0
austrian_guy@ether-btc
latest
Download

Correlation Memory Plugin

Correlation-aware memory search for OpenClaw — automatically retrieves related contexts when you query memory.

What It Does

When you search memory for topic X, this plugin also fetches related contexts Y and Z that consistently matter together — based on correlation rules you define.

Example: search for "backup error" → plugin also retrieves "last backup time", "recovery procedures", and "similar errors" — because those contexts are correlated by rule.

Key Features

  • Decision-context retrieval — surfacing related information before you ask for it
  • Word-boundary keyword matching — no false positives from partial matches
  • Confidence scoring — filter/sort by how reliable a correlation is
  • Multiple matching modes — auto, strict, lenient
  • Result limitingmax_results parameter prevents output bloat
  • mtime cache — rules reloaded only when correlation-rules.json changes
  • LRU regex cache — bounded at 500 entries, no memory leaks
  • Debug tool — understand why a given context triggered specific correlations
  • Lifecycle states — rules can be promoted/archived/disabled without deletion

Security

  • Zero external runtime dependencies (index.ts only imports openclaw/plugin-sdk)
  • Read-only local file operations (no network, no writes)
  • No credential or environment variable access
  • Workspace path resolved via OpenClaw SDK only
  • npm install fetches only openclaw (peerDep) + vitest (devDep, not bundled) — no postinstall scripts

Correlation Rules

Rules live in memory/correlation-rules.json in your workspace. Example:

{
  "id": "cr-config-001",
  "trigger_context": "config-change",
  "trigger_keywords": ["config", "setting", "openclaw.json", "modify"],
  "must_also_fetch": ["backup-location", "rollback-instructions"],
  "relationship_type": "constrains",
  "confidence": 0.95,
  "lifecycle": { "state": "promoted" }
}

Active states: promoted, active, testing, validated, proposal

Tools Provided

ToolDescription
memory_search_with_correlationEnhanced memory search — automatically fetches correlated contexts from correlation rules
correlation_checkDebug tool — shows which rules matched and why without performing searches

Installation

cd ~/.openclaw/extensions
git clone https://github.com/ether-btc/openclaw-correlation-plugin.git correlation-memory
cd correlation-memory && npm install

# Add to openclaw.json
openclaw plugins install correlation-memory
openclaw gateway restart

Requires OpenClaw >= 2026.1.26.

Note: npm install pulls the OpenClaw peer dependency and vitest (dev/test only). The runtime plugin makes no network calls and has zero external dependencies.

See Also

  • README.md — Full documentation with examples, configuration, architecture
  • correlation-rules.example.json — Production-quality rule examples
  • docs/schema.md — Full rule schema reference
  • .sanitization-audit.md — Security audit results
  • tests/correlation.test.ts — Unit tests

Comments

Loading comments...