ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Customer Memory

v1.0.0

Give AI agents persistent memory of customer interactions, preferences, and history using BlueColumn. Use when building customer support agents, sales agents...

0· 58·0 current·0 all-time
by@bluecolumnconsulting-lgtm

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for bluecolumnconsulting-lgtm/customer-memory.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Customer Memory" (bluecolumnconsulting-lgtm/customer-memory) from ClawHub.
Skill page: https://clawhub.ai/bluecolumnconsulting-lgtm/customer-memory
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install customer-memory

ClawHub CLI

Package manager switcher

npx clawhub@latest install customer-memory
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill's stated purpose (persistent customer memory via BlueColumn) plausibly requires an API key and remote endpoints — which the SKILL.md includes. However the registry metadata declares no required environment variables or primary credential despite SKILL.md explicitly saying a BlueColumn API key (bc_live_*) is required. That mismatch is unexplained and reduces trust.
!
Instruction Scope
The runtime instructions tell the agent to store and recall customer data (emails, issues, preferences) to a remote API and to tag records with customer emails. They reference reading an external TOOLS.md for the API key (that file is not present). The instructions encourage sending PII to the external endpoint with no guidance on consent, minimization, retention, or encryption — raising privacy/compliance concerns. The endpoints and fields used are explicit and limited to the BlueColumn API, which fits the purpose, but missing artifacts and lack of data-handling guidance are problematic.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing gets written to disk during install. That minimizes install risk.
!
Credentials
SKILL.md requires a bc_live_* API key but the skill metadata lists no required env vars or primary credential. This omission is disproportionate and inconsistent. Additionally, the skill expects the agent/operator to provide that key (and to read TOOLS.md), but gives no secure retrieval or storage instructions beyond 'store securely — never log', and it instructs tagging records with customer emails (exposing PII to the third party).
Persistence & Privilege
The skill is not set always:true and does not request elevated platform privileges. Autonomous model invocation is allowed (the default) but is not combined with other privilege escalations in this package.
What to consider before installing
Do not install blindly. Verify the BlueColumn service and endpoint before sending real customer data: 1) Confirm the base URL (https://xkjkwqbfvkswwdmbtndo.supabase.co/...) is an official BlueColumn endpoint by checking BlueColumn's official docs or contacting their support; the skill claims bluecolumn.ai is the provider but the registry provides no homepage. 2) Require the publisher to update the registry metadata to declare the required env var (bc_live_*) and provide secure key-handling instructions (how the agent will access the key). 3) Because the skill stores PII externally, review privacy/regulatory rules (GDPR/CCPA) and ensure consent, minimization, and retention policies are met; consider tagging or hashing identifiers instead of storing raw emails. 4) The SKILL.md references TOOLS.md which is missing — ask the author to supply or clarify. 5) Test with non-sensitive dummy data first and audit what is sent to the endpoint. If you cannot verify the endpoint or get corrected metadata, treat the skill as untrusted and do not send customer data.

Like a lobster shell, security has layers — review code before you run it.

latestvk97crj41kmxn3z1wrcaw8wk8xh84zqr4
58downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
@bluecolumnconsulting-lgtm
latest
Download

Customer Memory Skill

Persistent customer context for support, sales, and success agents backed by BlueColumn.

Setup

Read TOOLS.md for the BlueColumn API key (bc_live_*). Keys are generated at bluecolumn.ai/dashboard. Store securely — never log or expose them.

Base URL: https://xkjkwqbfvkswwdmbtndo.supabase.co/functions/v1 (BlueColumn's official backend — bluecolumn.ai runs on Supabase Edge Functions)

Store Customer Interaction

curl -X POST .../agent-remember \
  -H "Authorization: Bearer <key>" \
  -d '{
    "text": "Customer: jane@acme.com. Issue: API rate limiting on Developer plan. Resolved by upgrading to Builder. Prefers email communication. Tech stack: Python + LangChain.",
    "title": "Customer: jane@acme.com - 2026-04-14"
  }'

Store Quick Customer Note

curl -X POST .../agent-note \
  -H "Authorization: Bearer <key>" \
  -d '{
    "text": "jane@acme.com prefers async email over live chat",
    "tags": ["customer", "jane@acme.com", "preference"]
  }'

Recall Customer History

curl -X POST .../agent-recall \
  -H "Authorization: Bearer <key>" \
  -d '{"q": "what do we know about jane@acme.com and her past issues?"}'

Workflow

New interaction:

  1. Query customer history first: "what do we know about [customer]?"
  2. Use context to personalize response
  3. After interaction → store summary via /agent-remember
  4. Store key preferences via /agent-note with customer email tag

Support ticket:

  1. Recall similar past issues: "have we seen this error before?"
  2. Resolve using historical context
  3. Log resolution with outcome

Title Convention

"Customer: <email> - <YYYY-MM-DD>"

Use consistent email-based naming so recall queries work accurately across all interactions with the same customer.

Tags to Use

  • Customer email (e.g. jane@acme.com)
  • support, sales, onboarding
  • resolved, pending, escalated
  • Plan tier: free, developer, builder, scale

See references/api.md for full API reference.

Comments

Loading comments...