ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

file-archive-system

本地文件归档系统。把习惯、偏好、日程、每日记录和长期知识结构化存放到四层记忆目录,并通过 index.json 建立可检索索引。

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 12 · 0 current installs · 0 all-time installs
by@lingmoon96-dev
MIT-0
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to create and manage a local memory directory and index.json — the SKILL.md content stays on that topic. However, the recommended commands call 'python3 scripts/personal_ai_memory.py', while the skill declares no required binaries and includes no code files. Either the skill should declare 'python3' as a required binary or include the referenced scripts; the current mismatch is inconsistent.
!
Instruction Scope
Instructions are narrowly scoped to a personal-ai-memory directory and syncing it. But they explicitly recommend executing local Python scripts (init, reindex, archive). Because those scripts are not included, the agent or user could end up running arbitrary code if obtained from elsewhere. The instructions do not tell the agent to gather extra system context, which is good, but they do permit execution of code outside the SKILL.md's text.
Install Mechanism
There is no install spec and no code files, so nothing is written to disk by the skill itself. This is low-risk from an installation standpoint. The only risk comes from following the SKILL.md's runtime commands that call out to external scripts.
Credentials
The skill requests no environment variables, credentials, or config paths — proportionate for a local archive utility. The SKILL.md's sync suggestions (Git, iCloud, Syncthing) are reasonable but advise limiting sync scope to the memory directory; this is appropriate guidance.
Persistence & Privilege
The skill is not marked always:true and does not request elevated persistence. Autonomous invocation is allowed (platform default), but that alone is not a red flag here.
What to consider before installing
This skill's description and instructions are coherent in intent (local archive), but it recommends running python3 scripts that are not included and does not declare python3 as a required binary. Before installing or invoking: 1) Do not run the recommended commands unless you have audited the actual 'scripts/personal_ai_memory.py' file — the skill bundle did not provide it. 2) If you obtain the script from the author, review its source to confirm it only reads/writes inside the personal-ai-memory directory and does not access other system files or send data externally. 3) Ensure you have python3 installed in a controlled environment (use a virtualenv or sandbox). 4) When syncing the memory folder, restrict the sync scope to that folder and avoid exposing your entire workspace or secrets. 5) Ask the publisher for the missing scripts or for updated metadata that declares required binaries and provides source — absence of those details is the main reason this is flagged as suspicious.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.1
Download zip
latestvk9786p17qkvnwarhz1j9cassk183zd2f

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

File Archive System

将专属 AI 的记忆存储为本地结构化文件,便于检索、备份和多设备同步。

目录结构

personal-ai-memory/
├── identity/
├── working-memory/
├── short-term-logs/
├── long-term-memory/
├── archive/
└── index.json

推荐命令

python3 scripts/personal_ai_memory.py init
python3 scripts/personal_ai_memory.py reindex
python3 scripts/personal_ai_memory.py archive --keep-days 14

同步建议

  • 用 Git、iCloud Drive、Syncthing 或其他你已有的本地优先同步工具同步 personal-ai-memory/
  • 把同步范围限制在记忆目录,不要把整套工作区随意暴露到公共盘

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…