Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Memory Lcm
v1.0.0
Stores and manages complete conversation history with searchable SQLite storage, chunked and daily summaries, and auto-syncs key decisions to MEMORY.md.
by luke@louch84
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description align with code and manifest: message storage, chunk/daily summaries, search, compaction, and auto-sync to MEMORY.md. Uses sql.js (WASM) for a local SQLite DB stored at ~/.openclaw/workspace/data/tony-lcm.db — appropriate for the stated purpose.
Instruction Scope
SKILL.md and bin/tony-lcm.js instruct running npm install and using the CLI, which will read and write local files (DB and MEMORY.md). The instructions and code do not access external endpoints or unrelated system data, but they do auto-extract and append 'decisions' to a persistent MEMORY.md file. This is within scope but is a privacy-sensitive side effect users should expect.
Install Mechanism
No formal install spec in registry; SKILL.md requires npm install. package.json depends only on sql.js from the npm registry (package-lock shows a normal registry URL). This is a standard, traceable install vector (moderate trust required for npm packages). No obscure download URLs or archive extraction.
Credentials
No required environment variables, credentials, or external config paths are requested. The code uses HOME (or os.homedir()) to place files under ~/.openclaw — appropriate and proportional to file-backed memory management.
Persistence & Privilege
The skill creates and persists files (DB and MEMORY.md) in the user's home workspace. always is false. Because agents may invoke skills autonomously by default, be aware the skill could be triggered to write conversation content to disk without additional prompts. This is expected behavior but has privacy implications.
Assessment
This skill appears to do what it says: it will store full conversation text locally in ~/.openclaw/workspace/data/tony-lcm.db and append extracted 'decisions' to ~/.openclaw/workspace/MEMORY.md. It does not request credentials or call external services, but note the privacy implications: everything logged is saved in plaintext on disk and the auto-extraction (regexes like 'will ...', 'decided to ...') may append unintended content to MEMORY.md. Before installing, consider: (1) Do you want your full chat history persisted on disk? (2) Review and back up or protect ~/.openclaw/workspace (file permissions, encryption) if necessary. (3) Since this package comes from an unknown source (no homepage), review the code or run in an isolated environment if you have privacy/security concerns. If you proceed, inspect the MEMORY.md contents after syncs and consider modifying the extraction patterns or disabling auto-sync if unwanted.
Like a lobster shell, security has layers — review code before you run it.
