Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

LLM Memory Integration

v1.0.6

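LLM + vector model integration solution. Supports any LLM + embedding model, configured by the user. Supports hybrid retrieval, intelligent routing, progressive enablement, and automatic user-profile updates.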

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (LLM + vector memory integration) match the included code: many modules implement embedding/LLM calls, vector DB access, routing, deduplication, persona updates and maintenance. However there are metadata inconsistencies: top-level registry metadata earlier claimed 'no required env vars / no required binaries', while config.json and SKILL.md list required binaries (python3, sqlite3) and the code expects LLM/embedding API keys (from config files or env). The presence of many maintenance/one‑click setup scripts is consistent with the stated purpose but increases surface area.
!
Instruction Scope
SKILL.md instructs running a set of local scripts (one_click_setup.py, one_click_vector_setup.py, progressive_setup.py, vsearch, llm-analyze, etc.) which will read/write files under the user's home (~/.openclaw/*) including persona.md, vectors.db, caches, logs and config files. Scripts open network connections to user-configured LLM/embedding endpoints and send data (query texts, memory snippets) to those endpoints. Several scripts use sqlite3 and attempt to load a vector extension (.so/.vec) from a path under ~/.openclaw/extensions — loading extensions into SQLite can execute native code and is a higher-risk operation. The instructions mention runs that could be automated (maintenance cron entries) and include a one-click setup (content of that script was not fully shown), so the agent could be directed to perform system-level configuration — review those scripts before running.
Install Mechanism
There is no external install spec (no downloads at runtime), which limits remote code fetch risk. However the skill bundle includes 59 files that will be written into the agent workspace when installed; those files contain runnable Python scripts. No third-party package installs or remote binary downloads are declared in the provided files. This is lower risk than an arbitrary remote download, but still significant because the included scripts will be executed locally.
!
Credentials
Registry metadata declares no required env vars/credentials, but the code expects user-provided LLM and embedding API keys via config/llm_config.json or environment variables (e.g., EMBEDDING_API_KEY). Multiple modules add x-api-key/x-uid headers and call user-configurable endpoints. Requesting LLM/embedding credentials is appropriate for this skill, but the absence of declared required credentials in the registry is an inconsistency that could mislead users. Also scripts reference extensions and other plugin paths (~/.openclaw/extensions/memory-tencentdb) which could grant access to other components if those directories are present.
Persistence & Privilege
The skill does not request always:true and does not declare modifications to other skills. It writes and updates files under the user's home (~/.openclaw/*), maintains caches and logs, and documents cron tasks (maintenance_cron.txt) that the user may add manually. Because the bundle includes a one-click setup script (one_click_setup.py / one_click_vector_setup.py) whose full content was truncated in the provided listing, there is a risk that those scripts could install cron jobs or make persistent system changes; they should be inspected before running.
What to consider before installing
Summary of what to check before installing/running this skill:
- Credentials: The skill requires LLM and embedding API keys (in config/llm_config.json or via environment). Do not reuse high-privilege keys. Prefer creating scoped/test keys and point base_url to trusted endpoints.
- Files written: The skill will read/write many files under ~/.openclaw (persona.md, vectors.db, caches, logs, config). Backup any existing persona.md and vectors.db before running.
- Network traffic / data exposure: The skill sends query texts and memory snippets to the configured LLM/embedding endpoints. Treat that as potential data exfiltration — only configure trusted endpoints and be careful with sensitive content.
- SQLite extension loading: Several scripts attempt to load a vector extension (.so) from ~/.openclaw/extensions/... Loading native extensions can execute arbitrary native code. Verify the extension binaries come from a trusted source before allowing extension loading.
- One-click/setup scripts & cron: Inspect one_click_setup.py, one_click_vector_setup.py and any setup scripts for actions like adding crontab entries, changing permissions, or downloading remote code. The provided listing truncates some files — obtain and review full contents of those scripts first.
- Least privilege & testing: Run the skill in an isolated environment (e.g., separate test user account, container, or virtual machine) first. Limit API keys and monitor network traffic during initial runs.
- Audit logs and behavior: Review the log files created under ~/.openclaw (maintenance and persona update logs) after first runs to confirm expected behavior. If you do not want automatic persona changes, disable auto_update in config/persona_update.json or run persona update scripts manually.

If you can share the full contents of the truncated scripts (notably one_click_setup.py, one_click_vector_setup.py and any install/daemon scripts), I can re-evaluate and raise the confidence level.
If you are not comfortable auditing the scripts, treat this skill as potentially risky and avoid running the setup without code review.

Like a lobster shell, security has layers — review code before you run it.
