ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

memory-assistant

v1.0.1

Helps users remember where they put things and schedule voice reminders. Use when the user says "记一下"/"记一下"/"提醒我", records item locations (e.g. keys, passpor...

0· 228·0 current·0 all-time
by@q1lin570

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for q1lin570/memory-assistant.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "memory-assistant" (q1lin570/memory-assistant) from ClawHub.
Skill page: https://clawhub.ai/q1lin570/memory-assistant
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install memory-assistant

ClawHub CLI

Package manager switcher

npx clawhub@latest install memory-assistant
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (remember item locations, schedule voice reminders) aligns with required capability (SENSEAUDIO_API_KEY and two Python scripts that call the SenseAudio TTS API and read/write items/reminders). No unrelated credentials or remote endpoints are requested beyond api.senseaudio.cn.
!
Instruction Scope
SKILL.md and reference claim a {baseDir} resolution and show use of load_dotenv(), but both scripts actually use Path.cwd() to choose the data directory (~/.memory-assistant or .memory-assistant in the current working directory) and do not load .env; this mismatch may cause data (items.json, reminders.json, and audio files) to be written into an unexpected workspace path. The scripts read/write local JSON files and call only the documented SenseAudio API — no other exfiltration endpoints — but they will persist possibly-sensitive location/event data in plaintext.
Install Mechanism
No install spec; scripts are instruction-only files requiring only standard Python packages (requests). No download from unknown URLs or archive extraction. Risk from install mechanism is low.
Credentials
Only SENSEAUDIO_API_KEY is required, which is appropriate for the TTS integration. The API key is sent to the documented https://api.senseaudio.cn/v1/t2a_v2 endpoint. No other secrets or unrelated env vars are requested.
!
Persistence & Privilege
Skill is not always-enabled and does not request elevated privileges, but it persists user data (items.json, reminders.json, generated audio) to the filesystem. Because the code chooses the data dir based on cwd, data may end up in the project/workspace directory rather than an isolated skill folder — increasing chance of accidental disclosure or inclusion in backups/version control.
What to consider before installing
This skill appears to implement the advertised feature (local storage + SenseAudio TTS) and only needs SENSEAUDIO_API_KEY. Before installing: (1) review/confirm where data will be stored — the scripts use the current working directory or ~/.memory-assistant (not a guaranteed skill-only directory), so sensitive records (e.g., passport/keys, event details) may be written into your project/workspace; (2) consider setting file permissions or configuring a safe data_dir to avoid accidental commits/backups; (3) confirm you’re comfortable that your SENSEAUDIO_API_KEY will be used to call https://api.senseaudio.cn; check SenseAudio’s privacy policy; (4) note the docs mention loading .env but the scripts do not — if you rely on .env, set env vars explicitly or edit scripts; (5) run the scripts in --dry-run first and inspect created files; (6) if you need stronger privacy, modify the code to encrypt stored data or place storage in a dedicated directory outside your workspace. These inconsistencies and privacy implications are why the skill is flagged suspicious rather than benign.

Like a lobster shell, security has layers — review code before you run it.

latestvk9788atp358x8tcz5e54yvqvt183bxd8
228downloads
0stars
2versions
Updated 12h ago
v1.0.1
MIT-0
@q1lin570
latest
Download

帮记助手(健忘症语音提醒)

针对“健忘症”的帮记助手:支持随手放的东西快速录入与查询、日程/约会定时提醒,并通过 SenseAudio 合成语音进行语音提醒。

前置条件

  • 环境变量中配置 SENSEAUDIO_API_KEYhttps://senseaudio.cn/platform/api-key)。
  • 使用语音脚本需 Python 3.8+,并安装:pip install requests。播放时 macOS 使用 afplay,Windows 使用系统默认播放器,Linux 使用 paplay/aplay/ffplay

核心场景

场景一:随手放的东西

用户用自然语言快速录入物品与位置,例如:

  • 「记一下,我把备用电池放在电视柜左侧第二个抽屉里了。」
  • 「记一下,护照在书房第二个书架最上层。」
  • 「备用钥匙放在玄关鞋柜上面。」

处理流程:

  1. 从用户输入中抽取:物品(如:备用电池、护照、备用钥匙)、位置(如:电视柜左侧第二个抽屉)。
  2. 将记录写入持久化存储(如 JSON 文件或数据库),格式见 reference.md
  3. 回复确认并支持后续用「某某放哪儿了」查询并朗读位置。

场景二:定时提醒(含提前提醒)

用户说明时间与事项,并要求提前提醒,例如:

  • 「下午三点要开会,记得提前提醒我。」
  • 「六点钟和王先生约在和平饭店见面,提前半小时提醒我。」

处理流程:

  1. 从用户输入中解析:提醒时间事项描述提前时长(若未说则用默认,如 15 分钟)。
  2. 将提醒写入提醒列表,并计算实际播报时间 = 提醒时间 − 提前时长。
  3. 到播报时间时,用 SenseAudio TTS 将提醒内容合成为语音并播放(或保存为音频文件供播放)。

数据模型

  • 物品位置记录{ "item": "备用电池", "location": "电视柜左侧第二个抽屉", "created_at": "ISO8601" }
  • 定时提醒{ "at": "ISO8601", "event": "下午三点开会", "advance_minutes": 30, "created_at": "ISO8601" }

完整字段与存储路径见 reference.md

语音提醒(SenseAudio TTS)

所有需要“读出来”的提醒(如:到点提醒、查询到的位置)均通过 SenseAudio 文本转语音 API 合成。

  • 接口POST https://api.senseaudio.cn/v1/t2a_v2
  • 鉴权Authorization: Bearer YOUR_API_KEY
  • 必填参数model: "SenseAudio-TTS-1.0"text(要朗读的文案),voice_setting.voice_id(如 male_0004_a
  • 流式:可设 stream: false 一次取回整段音频;响应中 data.audio 为 hex 编码,需解码为二进制后保存为 mp3/wav 或送入播放器。

详细请求/响应格式、音色列表与示例代码见 reference.md。API 文档:https://senseaudio.cn/docs,TTS 说明:https://senseaudio.cn/docs/text_to_speech_api

指令与回复约定

  1. 录入位置:用户说「记一下,我把 X 放在 Y 了」→ 解析并存储,回复「已记下:X 在 Y。」并可问是否要试听语音。
  2. 查询位置:用户问「X 放哪儿了」→ 查存储,若存在则回复「X 在 Y。」并用 TTS 生成语音;若无则回复「还没有记录 X 放哪儿。」
  3. 添加提醒:用户说时间 + 事项 +(可选)提前多久 → 解析时间与提前量,写入提醒列表,回复「已设置:在 [时间] 提前 [N] 分钟提醒你:[事项]。」
  4. 播放语音:生成提醒或位置朗读时,调用 SenseAudio 得到音频文件,提示用户播放或直接播放(取决于环境)。

语音播报脚本

技能提供两个脚本,用于语音播报物品位置定时播报待办提醒{baseDir} 表示本技能所在目录(由运行环境或工作区解析,不暴露具体绝对路径)。

1. 语音播放:{baseDir}/scripts/speak.py

  • 播报自定义文本python {baseDir}/scripts/speak.py --text "下午三点有会议,请提前准备" --play
  • 播报物品位置:根据 items.json 查询并合成「X 在 Y」后播放:python {baseDir}/scripts/speak.py --item 备用电池 --play
  • 仅生成音频不播放:省略 --play,可用 --out 路径.mp3 指定输出文件。
  • 选项:--voice 指定音色 ID(默认 male_0004_a)。

2. 定时播报:{baseDir}/scripts/run_reminders.py

  • 单次检查:到点提醒会从 reminders.json 中找出 notify_at <= 当前时间status=pending 的条目,合成「提醒:XXX」并播放,然后标记为 notified
    python {baseDir}/scripts/run_reminders.py
  • 常驻定时检查python {baseDir}/scripts/run_reminders.py --daemon(默认每 60 秒检查一次,可用 --interval N 修改)。
  • 仅查看将播报的提醒python {baseDir}/scripts/run_reminders.py --dry-run

建议用系统定时任务定期执行(如每分钟一次),以实现到点语音提醒:

  • macOS:cron 或 launchd:cd {baseDir} && python scripts/run_reminders.py
  • Windows:任务计划程序(Task Scheduler):python {baseDir}\scripts\run_reminders.py
  • Linux:cron:cd {baseDir} && python scripts/run_reminders.py

配置

  • {baseDir}:表示本技能所在根目录,由运行环境解析,文档与命令中均不写死 .cursor/skills 或绝对路径。
  • SenseAudio API Key:在环境变量中配置 SENSEAUDIO_API_KEY。密钥申请:https://senseaudio.cn/platform/api-key
  • 存储路径:物品记录与提醒列表的默认路径见 reference.md,可配置覆盖。

参考

  • 数据格式、存储路径、SenseAudio 请求示例与音色表:reference.md
  • 更多对话示例:examples.md
  • 脚本用法细节见 reference.md 的「脚本说明」小节。

Comments

Loading comments...