ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Evermemos Openclaw Plugin

v1.4.0

Install and configure EverOS for OpenClaw natural-language memory. Use when users say: - "install everos" - "setup everos" - "install everos plugin" - "enabl...

0· 178·0 current·0 all-time
by@alwaysday1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match what the files implement: a context-engine plugin that queries and writes to an EverOS backend. Declared behavior (recall before reply, save after turn) matches the code. Required resources (writes to ~/.openclaw, modifying openclaw.json, using a backend URL) are expected for this purpose.
Instruction Scope
SKILL.md and README instruct health checks, cloning/running EverMemOS, and running installer commands (npx/npm) or manual installer. Those steps are within the purpose, but they explicitly direct the operator to run network actions (git clone, docker compose, and a third‑party bootstrap script via curl | sh) that are external to OpenClaw; they also instruct changing OpenClaw config (setting contextEngine and disabling memory slot) and restarting the gateway. These are legitimate for onboarding but elevate operational risk and privacy exposure because conversation data will be sent to the configured backend.
Install Mechanism
There is no registry install spec in the package metadata, but the package contains a local installer (bin/install.js) and package.json including a bin `everos-install`. The recommended onboarding uses npx (fetches package from npm) or cloning GitHub and running the included installer. The SKILL.md also suggests running an external install script (https://astral.sh/uv/install.sh). These are expected for installing a backend/CLI but are higher‑risk than purely local installers because they execute code obtained from remote sources.
Credentials
The skill requests no environment variables or credentials and uses only HOME/USERPROFILE for locating configuration and plugin path. Network calls are limited to the configured EverOS baseUrl (default http://localhost:1995). There are no unrelated secret requests or references to other services' credentials.
Persistence & Privilege
always is false. The plugin will modify OpenClaw configuration (plugins.load.paths, plugins.allow, slots) and copy files into ~/.openclaw/plugins, which is appropriate for a plugin installer but is a persistent change to the agent environment. The runtime engine autonomously intercepts conversation turns (default platform behavior) and will transmit conversation content to the EverOS backend configured by the user.
Assessment
This plugin appears to be what it claims: a ContextEngine that fetches and saves conversation memory to an EverOS backend. Before installing, consider: 1) Privacy — the plugin will send user and assistant messages to the configured EverOS server (default http://localhost:1995). If you point baseUrl to a remote host you do not control, your conversation content will be transmitted to that host. 2) Configuration changes — the installer will modify ~/.openclaw/openclaw.json (set contextEngine to this plugin and set plugins.slots.memory = "none") and copy files into ~/.openclaw/plugins; this can disable other memory plugins. 3) Remote code execution — onboarding instructs running npx/npm and a third‑party curl | sh script for auxiliary tooling; these fetch and run code from the network. Review the remote URLs (npm package and the astral.sh script) or run installation in an isolated environment if you are uncomfortable. 4) Logs may include request/response bodies; if you have sensitive content, audit logging behavior. If you want stronger assurance, run the EverOS backend locally (per the README) and inspect the installer script contents before running. Proceed if you trust the upstream repo/package and are comfortable with the described configuration changes and data flow.
bin/install.js:217
Shell command execution detected (child_process).
bin/install.js:17
Environment variable access combined with network send.
!
bin/install.js:149
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk9765xskjnraavqearmfnqtp7d835s6h

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments