ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

一套优雅的模块化智能记忆系统,支持 embeddings、reranker 和 Flomo 笔记集成。

v0.1.0

模块化智能记忆系统,支持多平台 embeddings、智能重排序和 Flomo 笔记导入,实现高效语义搜索与管理。

0· 398·1 current·2 all-time
by@jazzqi
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code implements embeddings, reranking, Flomo parsing and import which matches the name/description. However the runtime providers (EdgefnEmbeddingProvider and EdgefnRerankProvider) require an Edgefn API key (config.apiKey or process.env.EDGEFN_API_KEY), but the skill registry metadata declared no required env vars/credentials. That metadata omission is inconsistent and may mislead users about required secrets.
Instruction Scope
SKILL.md instructions are scoped to initializing the memory core, adding a skill config to ~/.openclaw/openclaw.json with an apiKey, and exposing commands (/memory search/add/import-flomo/stats). The runtime instructions do not ask the agent to read unrelated system files or exfiltrate arbitrary data. The code makes network calls to Edgefn endpoints which is expected for an embeddings/reranker provider.
Install Mechanism
There is no install spec (instruction-only skill) and all code is bundled with the skill. No external archive downloads or install scripts are present in the manifest. package.json has no runtime dependencies, reducing install-time risk.
!
Credentials
Multiple files expect an Edgefn API key (process.env.EDGEFN_API_KEY or config.apiKey) and providers will throw if no key is present. The registry entry did not declare required env vars/primary credential. More importantly, config/template.json in the bundle contains a long 'apiKey' string that looks like a real secret (sk-BrwHc1ZiaE...). Hardcoding or shipping an API key in a template is a red flag: it could be an accidentally committed secret or an attempt to cause the skill to use a third-party key by default. Either way, this is disproportionate to a published sample and should be verified/removed.
Persistence & Privilege
The skill is not always:true and does not request system-wide privileges. It does not modify other skills' configs. It persists data to a configurable file path (./data/memories.json) if configured, which is expected for a memory store.
What to consider before installing
Before installing or enabling this skill: 1) Treat the API key embedded in config/template.json as suspicious — do not use it. Verify with the maintainer whether that key is intentional; prefer using your own Edgefn API key set in ~/.openclaw/openclaw.json or EDGEFN_API_KEY. 2) Expect the skill to make outbound HTTPS calls to https://api.edgefn.net/v1 for embeddings/reranking — run it in an environment where that network activity is acceptable. 3) The registry metadata omitted required credentials; ensure you supply an explicit apiKey rather than relying on bundled templates. 4) If you cannot verify the origin (source is 'unknown' and homepage none), consider running the skill in an isolated account/container or reviewing the full source locally (search for any additional hardcoded secrets or unexpected network endpoints in the omitted files). 5) If you plan to import private notes via Flomo, audit the Flomo import code and config so that imported data is stored where you expect (and not sent elsewhere).

Like a lobster shell, security has layers — review code before you run it.

latestvk9753p0xkjsad1kzw46s56kjf182f8hh
398downloads
0stars
1versions
Updated 21h ago
v0.1.0
MIT-0
@jazzqi
latest
Download

Memory Core - 智能记忆核心技能

基于模块化架构的智能记忆系统,支持多平台 embeddings/reranker 和 Flomo 笔记集成。

快速开始

const { quickStart } = require('./index');
const memoryCore = await quickStart({ apiKey: 'your-key' });
const result = await memoryCore.search('查询内容');

OpenClaw 配置

在 ~/.openclaw/openclaw.json 中添加:

"skills": {
  "memory-core": {
    "enabled": true,
    "config": { "apiKey": "sk-your-key" }
  }
}

命令

  • /memory search <查询> - 搜索记忆
  • /memory add <内容> - 添加记忆
  • /memory stats - 查看统计
  • /memory import-flomo <文件> - 导入 Flomo
  • /memory help - 显示帮助

技术特性

  • 多平台 embeddings 支持 (Edgefn, OpenAI, 本地)
  • 智能重排序 (reranker)
  • Flomo 笔记集成
  • 语义搜索
  • 模块化架构

文件结构

memory-core/
├── SKILL.md              # 技能文档
├── package.json          # 配置
├── index.js              # 主入口
├── entry.js              # OpenClaw 集成入口
├── config/               # 配置
│   └── openclaw.json    # OpenClaw 配置模板
├── src/                  # 核心代码
├── examples/             # 示例
└── tests/               # 测试

Comments

Loading comments...