Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Hongnao Memory V1.0.0
v1.0.0 provides long-term memory management for OpenClaw, supporting cross-session persistence, intelligent retrieval and user preference learning, to improve the efficiency of memory storage and retrieval.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The name, description and most files align with a long-term memory plugin for OpenClaw (extraction, consolidation, retrieval, update, preference learning). However, the registry/skill metadata claims the skill is 'instruction-only' while many code files are bundled, which is an internal mismatch. Some files referenced in the docs (main.py, test_session_integration.py) are absent from the manifest and file list, and several modules import filenames that do not exist: memory_consolidation imports memory_extraction, while the actual extraction file is memory_extraction_v3.py. These inconsistencies are not expected in a production release.
Instruction Scope
SKILL.md and the README instruct the user to run install_hongnao.py, which copies the plugin code into the user's OpenClaw workspace and creates a config file (~/.openclaw/workspace/hongnao_memory). For a memory plugin, copying files and creating configs is expected, and the code legitimately needs access to session data for syncing. But the instructions reference files and entrypoints that are missing or mismatched, and the installer prompts (and sample code) give the plugin broad discretion to auto-sync sessions, so inspect openclaw_integration.py before granting that access. No explicit instructions to exfiltrate secrets were found, but the installer does write files into the user's home workspace.
Install Mechanism
The installer is a local Python script (install_hongnao.py) that copies the bundled files and writes a config and a requirements.txt; no remote downloads or URL fetches were observed in the provided files. This is lower risk than a remote installer, but it still places code in the user's workspace and creates configuration files.
Credentials
The skill declares no required environment variables, no credentials and no special config paths beyond writing its own config under the OpenClaw workspace, which matches the described purpose. (Note: the installer checks and imports modules and suggests installing sqlite3 via pip; that is incorrect, since sqlite3 is part of the Python standard library. A minor but sloppy detail.)
Persistence & Privilege
always:false (good). The installer copies files into the user's ~/.openclaw/workspace (or a specified workspace) and creates configuration files. This gives the skill a persistent presence within the OpenClaw workspace but does not modify other skills or system settings. Because autonomous invocation is allowed by default, the agent could use the integrated memory features on its own; if you do not trust the code, disable autonomous invocation or review the code first.
What to consider before installing
This package appears to be a legitimate OpenClaw memory plugin, but it shows multiple red flags that point to poor engineering rather than clear malice: files referenced in the docs or installer are missing, some modules import inconsistent filenames (memory_extraction vs memory_extraction_v3), and the docs make unrealistically strong performance claims. The installer will copy code into your ~/.openclaw/workspace and create config files, so review the code first. Recommended steps before installing:

1) Inspect openclaw_integration.py and any truncated or omitted files for network calls or endpoints.
2) Run the installer in an isolated sandbox or a disposable OpenClaw workspace.
3) Fix or validate the import/name mismatches and missing files, or ask the publisher for a clean release.
4) Run the included tests (in the sandbox) to surface runtime errors.
5) Enable autonomous invocation only after you have vetted the code.

If you cannot validate the missing/mismatched files or the publisher, treat this as untrusted and do not install it into a production OpenClaw workspace.

Like a lobster shell, security has layers: review code before you run it.
latest: vk974dsa8ks6qqyg1embrqcpj4s84t6h1
