Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Memory Engine 3-Layer

v5.0.0

Memory guardian for OpenClaw — three-layer anti-amnesia with real-time session reset watcher. v5.0: works alongside OpenClaw native memorySearch (vector+hybr...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (three-layer memory guardian) aligns with the supplied scripts: indexing, search (FTS5), auto-extraction from sessions, watcher, maintenance, migration and backup. Most required operations (reading sessions, writing memory/*.md, modifying openclaw.json hooks) are coherent with the stated purpose. The backup/push-to-git behavior is a plausible feature but increases risk of leaking unrelated workspace/config data.
! Instruction Scope
Runtime instructions and scripts explicitly read OpenClaw session files (~/.openclaw/agents/.../sessions) and openclaw.json, write MEMORY.md and memory/*.md, install a cron job, and run a long-running watcher via nohup. They also auto-extract events from transcripts. These actions are expected for extracting and persisting memory, but they also access highly sensitive artifacts (session transcripts and config files). The cron/backup steps will cause automated background activity without per-run confirmation if installed.
Install Mechanism
There is no remote download/install step in the package metadata; the repo is instruction+scripts and relies on existing Node/npm and a global better-sqlite3. The README suggests installing better-sqlite3 globally. No external arbitrary archive downloads are used in the install flow supplied here.
! Credentials
The skill declares no required env vars but the scripts read common envs and files (HOME, TZ, OPENCLAW_WORKSPACE, OPENCLAW_TZ) and directly access openclaw.json and session JSONL files. That access is functionally justified, but the backup script copies openclaw.json into the workspace and will commit/push the workspace to the configured git remote (origin main) if present — this can exfiltrate sensitive configuration or keys that happen to live in those files. The skill relies on existing git credentials in the environment rather than declaring or requesting them, which is convenient but can lead to unintended pushes.
Persistence & Privilege
The skill does not set always:true. However the SKILL.md and README instruct users to add a cron job and the cron script will restart a watcher daemon via nohup. That gives the code persistent background execution on the host if the user follows setup steps — expected for this functionality but important to be aware of because it triggers periodic automatic indexing, extraction, and (potentially) backups/pushes.
What to consider before installing
This skill appears to implement the advertised three-layer memory guardian, but it reads session transcripts and config files and can automatically commit and push the workspace (including a copied openclaw.json) to your git remote. Before installing:
1) Inspect memory-backup.sh and decide whether auto-push is acceptable; consider removing or gating the push step.
2) Inspect memory-migrate.js to see what it will change in openclaw.json and back up openclaw.json separately before running any migration.
3) If your sessions or openclaw.json contain secrets or tokens, do not enable the automatic backup/push or ensure the git remote is a private/trusted repository and .gitignore excludes sensitive files.
4) Test the scripts in a sandboxed or non-production environment (or run cron jobs with --dry-run behavior) and review watcher/migration behavior before enabling them system-wide.
5) If you want the memory features but not backups, remove/disable the backup invocation in the cron script (and the auto-creation of the daily cron entry) and run the scripts manually.
scripts/memory-boot.js:62
Shell command execution detected (child_process).
scripts/memory-compact.js:146
Shell command execution detected (child_process).
scripts/memory-cron.sh:78
Shell command execution detected (child_process).
scripts/memory-index.js:11
Shell command execution detected (child_process).
scripts/memory-maintain.js:10
Shell command execution detected (child_process).
scripts/memory-migrate.js:55
Shell command execution detected (child_process).
scripts/memory-resume.js:111
Shell command execution detected (child_process).
scripts/memory-search.js:21
Shell command execution detected (child_process).
scripts/memory-write.js:44
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
