ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

mem

v0.1.0

Search local memory index (local-first). Use for /mem queries in Telegram.

0· 1.3k·6 current·6 all-time
by@trumppo

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for trumppo/mem.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "mem" (trumppo/mem) from ClawHub.
Skill page: https://clawhub.ai/trumppo/mem
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install trumppo/mem

ClawHub CLI

Package manager switcher

npx clawhub@latest install mem
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description (local-first memory search for /mem) align with the actions described (update index, search index). The skill does not request unrelated credentials, binaries, or config paths.
!
Instruction Scope
The SKILL.md tells the agent to run scripts/index-memory.py and scripts/search-memory.py but those scripts are not included or described. Because the skill is instruction-only, the agent will execute whatever code exists at those paths in the host environment; that code could read arbitrary local files, modify data, or transmit data externally. The instructions are also vague ('if needed'), giving runtime discretion.
Install Mechanism
No install spec (instruction-only), so nothing is fetched or written by the skill itself. This lowers remote install risk but increases reliance on external files whose contents are unknown.
Credentials
The skill declares no environment variables, credentials, or config paths. There is nothing requested that appears disproportionate to local memory search.
Persistence & Privilege
The skill does not request permanent presence (always:false) and does not modify other skills or system-wide settings. Note: model invocation is enabled (default), so the agent could call this skill autonomously — this is normal but combined with the instruction-scope concern increases the blast radius.
What to consider before installing
Before installing or enabling this skill: (1) verify that the referenced scripts (scripts/index-memory.py and scripts/search-memory.py) exist in the environment and inspect their source — do not run them if you can't review them; (2) ensure those scripts only access the local memory index and do not read or transmit unrelated files or credentials; (3) if possible, run the scripts in a restricted or sandboxed environment first; (4) consider limiting the agent's autonomous invocation for this skill (or require explicit user confirmation) until you trust the scripts; (5) ask the skill author to include the implementation or a detailed spec in the package so behavior is auditable. These steps will reduce the risk that the skill executes unexpected or exfiltrating code.

Like a lobster shell, security has layers — review code before you run it.

latestvk97116mx6pgagyf4r8demteyb580sjt3
1.3kdownloads
0stars
1versions
Updated 3h ago
v0.1.0
MIT-0
@trumppo
latest
Download

Memory Search (/mem)

Overview

Run local-first memory search using the cached index.

Usage

  1. Update the index if needed:
scripts/index-memory.py
  1. Search the index with the user query:
scripts/search-memory.py "<query>" --top 5

Output

Return the top hits with their paths and headers. Summarize briefly if needed.

Comments

Loading comments...