ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Raven Memory

v1.0.1

Persistent causal memory for AI agents. Raven records everything your agent does as a causally-linked chain, including decisions, tool calls, parallel work,...

0· 94·0 current·0 all-time
byH.A@has9800

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for has9800/raven-memory.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Raven Memory" (has9800/raven-memory) from ClawHub.
Skill page: https://clawhub.ai/has9800/raven-memory
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install raven-memory

ClawHub CLI

Package manager switcher

npx clawhub@latest install raven-memory
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the code: this is a local SQLite-backed causal memory (DAG) with optional semantic search/embeddings. Embedding-related deps (sentence-transformers, sqlite-vec) are consistent with the semantic-search feature. Minor mismatch: requirements.txt lists many extra heavy packages (torch, transformers, langgraph, datasets, etc.) beyond the pyproject's declared dependency, which is broader than the visible code needs and increases installation footprint.
!
Instruction Scope
SKILL.md explicitly instructs you to modify the agent system prompt (call raven_start_session at the start and inject returned summary). That is expected for a memory plugin, but the pre-scan flagged a system-prompt-override pattern — altering the system prompt is a powerful action that increases attack surface and can be abused if the skill (or its inputs) were malicious. The runtime instructions otherwise stay within the memory scope (record/search/end/rollback) and do not ask the agent to read unrelated files or credentials.
Install Mechanism
No install spec in the registry (instruction-only), but the package contains pyproject.toml and a console script entrypoint. SKILL.md recommends pip install raven-memory (and optional extras). This will pull heavy native packages (torch, sentence-transformers) and may download model weights from external hosts at runtime (embedder loads SentenceTransformer). Loading sqlite-vec is implemented via sqlite extension loading. These native/networked components are expected for semantic search/embeddings but increase risk compared with a pure-Python or no-install skill.
Credentials
The skill requests no secrets or cloud credentials. Environment variables (RAVEN_DB_PATH, RAVEN_N_RECENT, RAVEN_N_SEARCH) are documented and relate directly to local DB path and tuning. The code writes a local DB (~/.raven/raven.db) and optionally loads native sqlite-vec; no API keys or unrelated credentials are requested.
Persistence & Privilege
The skill persists long-term local data (SQLite DB) and suggests adding itself to agent startup behavior/system prompts so session summaries are auto-injected. It does not set always:true and does not change other skills' configs programmatically. The persistence of potentially sensitive conversation/tool outputs to a shared ~/.raven/raven.db (shared across agents if configured) is a privacy consideration.
Scan Findings in Context
[system-prompt-override] expected: The skill explicitly asks you to modify the system prompt to call raven_start_session and inject the returned summary. That is normal for a memory plugin, but it was flagged because modifying system prompts increases risk if the skill or its stored data were malicious or crafted to influence agent behavior.
What to consider before installing
What to consider before installing: - Trust & provenance: the registry metadata lacked a homepage/source; pyproject points to a GitHub repo. Verify the package source (PyPI vs repository) and review the repo/maintainer before pip installing. - Prompt modification risk: the skill asks you to change your agent's system prompt so it always calls the memory tool at session start. That is required for persistent memory but also broadens the skill's influence. Only add these instructions if you trust the code. - Data & privacy: Raven stores all recorded events in a local SQLite file (~/.raven/raven.db) which can contain sensitive user messages and tool outputs. If you have secrets or private data, restrict file permissions, consider disk encryption/SQLCipher, or avoid enabling semantic embeddings which may cache richer content. - Network/native components: semantic search uses sentence-transformers and sqlite-vec. SentenceTransformer will likely download model weights (network) and torch is a heavy native dependency. Be prepared for large downloads and native binaries; if you want to avoid network/model downloads, skip the 'vec' feature. - Dependency mismatch: requirements.txt lists many heavy/unreferenced packages. Prefer installing from a verified source and review the package's pyproject/requirements to avoid unexpected installs. - Testing: run the MCP server in an isolated environment first, and inspect the created DB contents. Review code (mcp_server, store, dag) yourself — no obvious exfil endpoints appear in the provided files, but embeddings/model downloads and loading a SQLite extension are actions with extra risk. - If unsure: install and test in a disposable VM/container, or request the upstream repository URL and a maintainer identity before enabling in production.
!
skill.md:65
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

latestvk970fhexbwjcdqjhr0rrwm1bcs83nwwg
94downloads
0stars
2versions
Updated 1mo ago
v1.0.1
MIT-0
H.A@has9800
latest
Download

Raven Memory

Raven gives your OpenClaw agent persistent causal memory that survives across sessions, days, and weeks.

What it does

  • Records every significant event as a node in a causal chain
  • Loads relevant history at session start via semantic search
  • Supports rollback, branching, and parallel task tracking
  • Stores everything locally in ~/.raven/raven.db
  • Encrypted at rest with SQLCipher (optional)

Tools exposed

  • raven_start_session — load context at conversation start
  • raven_record_event — write an event to the chain
  • raven_end_session — close session with notes
  • raven_search — semantic search over full history
  • raven_rollback — undo N steps
  • raven_get_status — health check

Setup

Install from PyPI:

pip install raven-memory

With semantic search (recommended):

pip install "raven-memory[vec]"

Then install this skill:

clawhub install raven-memory

Add to your OpenClaw system prompt:

At the start of every conversation, call raven_start_session with
the user's first message as search_query. Load the returned
summary/nodes into your context before responding. Record events with raven_record_event. End sessions with raven_end_session.

Comments

Loading comments...