Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Satori

v0.0.1

Persistent long-term memory for continuity in AI sessions between providers and codegen tools.

TRIGGERS - Activate this skill when:

  • User explicitly mentions "satori", "remember this", "save", "add", "save this for later", "store this", "add to memory"
  • User asks to recall/search past decisions: "what did we decide", "remind me", "search my notes", "what do I know about"
  • Conversation contains notable facts worth persisting: decisions, preferences, deadlines, names, tech stack choices, strategic directions
  • Starting a new conversation where proactive context retrieval would help
  • Use Satori search when user asks a question

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name and description (long-term memory) line up with the SKILL.md: it instructs use of a Satori CLI to save/search facts. However the SKILL.md references a local config path (~/.config/satori/satori.json) and automatic provisioning of credentials even though the skill manifest declares no required config paths or credentials — an internal inconsistency that should be explained by the author.
Instruction Scope
Runtime instructions tell the agent to run 'npx -y @satori-sh/cli@latest' to add/search facts, to check/create ~/.config/satori/satori.json and to 'silently incorporate' retrieved context into responses. Those steps involve reading/writing local user config and calling out to a remote service; the guidance to do this silently (do NOT announce 'I searched Satori' unless major impact) raises privacy and provenance concerns because the user may not be aware of external lookups or storage of potentially sensitive facts.
Install Mechanism
There is no install spec in the registry entry, but the SKILL.md instructs use of npx to run @satori-sh/cli@latest. npx dynamically downloads and executes package code from the npm registry at runtime, which requires moderate to high trust in the package and its publisher. The skill has no homepage or source listed, so the package provenance and what it sends/receives are opaque. The doc also suggests 'npm install -g' as an alternative; both involve running third-party code not bundled with the skill.
Credentials
The manifest lists no required env vars or config paths, yet the instructions explicitly read/write ~/.config/satori/satori.json and 'provision new credentials automatically.' Requesting to auto-create credentials and storing them locally is disproportionate without declaring what those credentials are used for, where they are sent, or what permissions they grant. The skill also suggests saving potentially sensitive facts to an external memory service without describing access controls.
Persistence & Privilege
The skill is not forced always-on and uses normal autonomous invocation. However it instructs creation of persistent local credentials/config and remote persistent memory (vector + knowledge graph) — this gives it a lasting footprint (files + remote datastore). That persistence isn't declared in the registry metadata and increases privacy/attack surface if the remote service or CLI are untrusted.
What to consider before installing
This skill looks like a plausible 'memory' integration, but there are several red flags to consider before installing or using it: (1) It tells the agent to run npx to fetch and execute a remote npm package (@satori-sh/cli@latest) each time — running remote code has risk unless you trust the package and its publisher. (2) It will check/create ~/.config/satori/satori.json and 'provision credentials' automatically; you should know exactly what is being stored there and where any keys are sent. (3) The skill recommends silently searching and incorporating retrieved facts into replies, which can expose private information without explicit user consent. Ask the author (or registry owner) for: a homepage/repository link, package source code, a privacy/security/retention policy for stored memories, explicit network endpoints the CLI calls, and whether you can opt out of automatic provisioning or silent searches. Prefer a pinned package version, an audited repo, or a local-only mode that does not auto-upload data until you explicitly approve. If you can't get those assurances, treat this skill as untrusted and do not allow it to run commands that access your filesystem or network.


latest: vk975j3m2bzkk709bsz28pf9wwx803hbj · 1.8k downloads · 0 stars · 1 version · Updated 1h ago · v0.0.1 · MIT-0

Satori CLI Integration

Satori persists notable information across AI applications. It stores facts in both vector and knowledge graph databases for later retrieval.

Environment Requirements

Works in: Claude Code, Cursor, Windsurf, or any AI tool with local terminal access.

Authentication

The CLI auto-configures on first run:

  • Checks ~/.config/satori/satori.json for API key and memory ID
  • If missing, creates the file and provisions new credentials automatically
  • No manual setup required

CLI Commands

Save facts:

npx -y @satori-sh/cli@latest add "<facts>"

Search for context:

npx -y @satori-sh/cli@latest search "<query>"
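
The scan's advice to pin the package version and to know what is stored in ~/.config/satori/satori.json can be enforced with a small wrapper around the two commands above. This is an added example, not part of the Satori skill or the ClawHub page; SATORI_PIN is a hypothetical placeholder for a version you have reviewed, and the expectation that the credentials file is owner-only (mode 600) is an assumption, not something the skill documents.

```shell
#!/bin/sh
# Added example (not from the Satori skill or ClawHub): refuse unpinned
# package specs and check the credentials file the SKILL.md says the CLI
# writes. SATORI_PIN is a placeholder; set it to a version you have reviewed.
SATORI_PIN="${SATORI_PIN:-0.0.0-REPLACE-ME}"
SATORI_CONFIG="${HOME}/.config/satori/satori.json"

# Returns 0 only for "@satori-sh/cli@MAJOR.MINOR.PATCH"; "@latest", ranges
# such as "^1.2.3", another package, or a missing version all return 1.
is_pinned_spec() {
  case "$1" in
    @satori-sh/cli@*) ;;
    *) return 1 ;;
  esac
  printf '%s\n' "${1##*@}" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'
}

# Returns 0 if the file exists and is readable/writable by its owner only
# (mode 600), 1 otherwise. Uses ls(1) so it works on GNU and BSD systems.
is_owner_only() {
  [ -f "$1" ] || return 1
  mode=$(ls -ld "$1" | cut -c1-10)
  [ "$mode" = "-rw-------" ]
}

# Wrapper for the add/search commands: runs only a pinned spec and warns
# when the credentials file is readable by other users.
# Usage after sourcing this file: run_satori search "Flamingo project tech stack"
run_satori() {
  spec="@satori-sh/cli@${SATORI_PIN}"
  if ! is_pinned_spec "$spec"; then
    echo "refusing to run unpinned package spec: $spec" >&2
    return 1
  fi
  if [ -f "$SATORI_CONFIG" ] && ! is_owner_only "$SATORI_CONFIG"; then
    echo "warning: $SATORI_CONFIG is readable by other users" >&2
  fi
  npx -y "$spec" "$@"
}
```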

Workflow: Proactive Search

At conversation start, if the user's message suggests existing context would help:

  1. Extract key entities/topics from user's first message
  2. Run search command with relevant query
  3. Parse JSON response to extract relevant facts
  4. Silently incorporate retrieved context into response
  5. Do NOT announce "I searched Satori" unless results significantly impact the response

Parsing search results: The CLI returns JSON. Extract the relevant facts and use them as context:

npx -y @satori-sh/cli search "Flamingo project tech stack"
# Returns JSON with matching facts - parse and incorporate naturally

Example triggers for proactive search:

  • "Let's continue working on [project]"
  • "What's the status of [thing]"
  • References to past decisions without full context
  • Project names, company names, people names

Workflow: Save Facts

When to Save

Save at natural breakpoints:

  • End of a decision-making discussion
  • When user explicitly requests ("remember this", "save this")
  • After establishing concrete preferences, names, dates, deadlines
  • When significant project context is established

What to Save

See references/fact-criteria.md for detailed criteria.

SAVE - Notable, persistent information:

  • Decisions: "Using PostgreSQL for the database"
  • Tech preferences: "User prefers Bun over Node"
  • Names/branding: "Company name is Flamingo, they make pink cookies"
  • Dates/deadlines: "MVP deadline is March 15"
  • Architecture choices: "Microservices with event sourcing"
  • Strategic directions: "Targeting enterprise customers first"
  • Key contacts: "Sarah is the design lead"
  • Project context: "Satori is an AI memory infrastructure company"

DO NOT SAVE - Transient, granular, or obvious:

  • Work-in-progress feedback: "the color scheme needs work"
  • Claude's explanations or code snippets
  • Temporary debugging context
  • Generic preferences derivable from context
  • Conversational filler

Save Execution

  1. Extract notable facts from conversation (see criteria)
  2. Format as natural language, batch related facts together
  3. Execute CLI command
  4. On success: continue silently (fire-and-forget)
  5. On failure: notify user with error

Batching: The API handles batching, so longer natural language text is fine:

npx -y @satori-sh/cli add "User is building Satori, an AI memory infrastructure company. Tech stack: TypeScript, Bun, PostgreSQL. Deadline for MVP is March 15. Targeting developer tools market initially."

Error Handling

If CLI fails or isn't installed:

⚠️ Satori CLI error: [error message]
To install: npm install -g @satori-sh/cli
Facts were not saved. Would you like me to show what I attempted to save?

Fact Formatting

Write facts as clear, standalone statements. Include context so facts make sense when retrieved later:

Good: "Satori project uses PostgreSQL for primary storage and FalkorDB for knowledge graphs"
Bad: "Using Postgres and FalkorDB"

Good: "User prefers Bun runtime over Node.js for all JavaScript/TypeScript projects"
Bad: "Bun not Node"
