Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cross-Agent Memory Sharing

v1.0.0

Enable multiple agents to share, merge, and sync memories using standardized formats, priority rules, and Git-based version control for collective intelligence.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description (cross-agent memory sharing) align with the provided SKILL.md and sync.mjs which implement Git-based sharing and local import/export. However the default SHARED_MEMORY_REPO is a personal GitHub URL (https://github.com/weidadong2359/agent-memory-shared.git) baked into the code even though no repository or credential is declared in the metadata. Defaulting to an external, author-controlled repo is unexpected and disproportionate to the declared requirements.
! Instruction Scope
SKILL.md shows push/pull/subscribe examples and Git-based workflows; sync.mjs actually clones a repo to WORKSPACE/.shared-memory, reads WORKSPACE/MEMORY.md, writes per-agent memory files, commits, and pushes. That behavior can transmit local workspace contents to the remote repo. SKILL.md references an automatic merge script (node skills/cross-agent-memory/merge-conflicts.mjs) that is not present in the package — an inconsistency. The README's examples also point to external endpoints (memory-hub.example.com) and require tokens but do not declare or document exactly which credentials or environment variables will be used.
Install Mechanism
There is no install spec; this is an instruction-only skill with a small Node script. Nothing is downloaded during install by the skill itself. The runtime does invoke system git via child_process execSync, which is expected for the stated Git-based approach.
! Credentials
package and SKILL.md declare no required env vars, but sync.mjs reads OPENCLAW_WORKSPACE, SHARED_MEMORY_REPO, and AGENT_ID from environment and defaults SHARED_MEMORY_REPO to an author GitHub repo. The skill implicitly requires Git credentials (e.g., SSH key, git credential helper, or GH token) to push; those credentials are neither declared nor explained. Requesting write access to a remote repo is a high-impact capability that should be explicit and limited to a user-controlled endpoint.
Persistence & Privilege
always:false and disable-model-invocation:false (normal). The script writes a .shared-memory directory in the workspace and creates per-agent files, which is expected for its purpose but means it will persist synced data on disk. It does not modify other skills or system-wide configs.
What to consider before installing
Before installing or running this skill:
1) Treat the default remote repo as untrusted — change SHARED_MEMORY_REPO to a repository you control, or set it explicitly via environment so nothing is pushed to the author’s repo.
2) Understand what will be uploaded: the script reads WORKSPACE/MEMORY.md and will commit/push files under WORKSPACE/.shared-memory; do not run it in a workspace that contains sensitive data.
3) Provide and manage Git credentials securely (SSH key or personal access token) and do not store broad tokens in cleartext; the skill currently does not declare or document credential handling.
4) Note the SKILL.md references a merge-conflicts script that is missing — ask the author for the missing file or review/implement conflict resolution yourself.
5) Review sync.mjs source line-by-line (it uses execSync to run git commands) and run it first in a sandboxed environment.
If you need this functionality, prefer hosting the shared repo in your own organization and require an explicit configuration step that disallows defaulting to external author-controlled endpoints.

Like a lobster shell, security has layers — review code before you run it.
