ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Memory On Demand

v1.0.0

按需记忆检索。当用户询问历史相关问题时,自动搜索 memory 和 QMD 获取相关信息。

0· 1.2k·12 current·13 all-time
by@aeoleader
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description (on-demand memory retrieval) matches the actions in SKILL.md: searching a QMD index and local memory files. Requesting access to a memory folder is expected for this purpose. One minor inconsistency: the instructions call external tools (qmd, memory_search) although the skill metadata declares no required binaries.
Instruction Scope
Instructions explicitly tell the agent to run 'qmd search' and grep the ~/.openclaw/workspace/memory/ directory. Reading those local files is within the stated purpose, but the SKILL.md gives the agent direct permission to read the user's memory directory and to invoke qmd/memory_search commands — confirm you are comfortable with that level of local data access.
Install Mechanism
There is no install spec and no code files (instruction-only), so nothing will be written to disk by an installer. This lowers risk; however, the runtime relies on external tools that must already exist on the system (qmd, optional memory_search).
Credentials
No environment variables, credentials, or config paths are requested in the metadata. The SKILL.md only references a local workspace path (~/.openclaw/workspace/memory/), which is proportionate to a memory-retrieval skill.
Persistence & Privilege
The skill is not always-on and is user-invocable; it does not request elevated or persistent platform privileges. Autonomous invocation is allowed by default, which is normal for skills and not an extra privilege here.
Assessment
This skill will search your local QMD index and files under ~/.openclaw/workspace/memory/ when trigger keywords appear. Before installing: (1) confirm you are comfortable with the agent reading those local memory files; (2) ensure the referenced tools (qmd, memory_search) exist on your system — the metadata doesn't declare them explicitly; (3) verify what 'QMD' and the workspace configuration refer to in your environment; and (4) consider whether automatic triggering on the listed keywords is acceptable or if you prefer an explicit user opt-in to avoid accidental retrieval of sensitive memories. If you want higher assurance, ask the author to declare required binaries and to provide a minimal test log showing exactly which commands will run and what files will be read.

Like a lobster shell, security has layers — review code before you run it.

latestvk977b26g296z8fmmbp60w888kd81r0de

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments