Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Supermemory

v1.2.0

Store, recall, and semantically search conversation insights using a vector memory engine to enhance customer interactions and context.


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for ipythoning/sdr-supermemory.

Prompt preview (Install & Setup):
Install the skill "Supermemory" (ipythoning/sdr-supermemory) from ClawHub.
Skill page: https://clawhub.ai/ipythoning/sdr-supermemory
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install sdr-supermemory

ClawHub CLI

npx clawhub@latest install sdr-supermemory

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (high confidence)

! Purpose & Capability
SKILL.md describes a vector DB/embedding pipeline, Supermemory Cloud (API key required), and automatic capture of conversation insights. The included runtime (sm.mjs) does not call any external APIs, embedding providers, or vector DBs — it simply writes/reads JSON files under ~/.openclaw/memory/vectors and performs keyword matching. The documentation therefore overstates capabilities and mentions credentials (cloud API key, embedding_model) that are not declared or used in the code.
! Instruction Scope
SKILL.md claims an 'Auto-Capture' feature that automatically extracts and stores customer preferences, price signals, competitive mentions, etc., but it provides no concrete source for those captures (chat logs, transcripts) and the included CLI does not implement auto-capture. This gives ambiguous authority to the agent to 'auto-capture' conversation data if the integration were extended — a potential privacy/data-exfiltration risk unless precisely scoped. The SKILL.md also references configuration templates ({{embedding_model}}) not declared elsewhere.
Install Mechanism
There is no installer or external downloads. The skill is instruction-only with one included code file (sm.mjs). Nothing in the package fetches remote archives or executes installer scripts, which keeps install risk low.
! Credentials
Registry metadata declares no required env vars, but the code reads OPENCLAW_HOME and HOME (to determine MEMORY_DIR) and SKILL.md references an external Supermemory Cloud API key and embedding_model placeholders that are not declared. That mismatch (undocumented credential requirement) is suspicious. Also the skill persists potentially sensitive conversation data to the user's home directory by default.
Persistence & Privilege
The skill persists memories to disk under OPENCLAW_HOME or ~/.openclaw/memory/vectors. It does not request always:true and does not modify other skill configurations, but it will create and retain files in the user's home directory (potential PII). This is expected for a memory engine, but you should be aware of where data will be stored and how it is protected.
What to consider before installing
This skill's documentation and code disagree in important ways. SKILL.md promises embeddings, a cloud provider requiring an API key, and automatic capture of conversation signals, but the included sm.mjs is a local CLI that stores JSON files and does only keyword search. Before installing or enabling this skill:

  1) Ask the author to explain how 'auto-capture' works and what sources it will read (chat logs, transcripts, other files).
  2) Confirm whether a Supermemory Cloud API key or embedding model is required and ensure any credentials would be declared and limited to the required scope.
  3) Note that the skill writes persistent files to ~/.openclaw/memory/vectors (or OPENCLAW_HOME) — do not allow it to store sensitive PII without encryption or retention controls.
  4) The JavaScript has a probable bug (uses await import inside a non-async function) — request a corrected implementation.
  5) If you still want to try it, run the skill in a sandbox or test account, review the code locally, and restrict OPENCLAW_HOME to a safe directory; do not enable any undocumented autonomous 'auto-capture' behavior until you have a precise, auditable implementation.

If the author can provide an updated package where the code implements (or explicitly omits) the documented cloud/auto-capture behaviors and lists any required env vars, rerun this evaluation.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bzkrq0w39jpqvpc5rtddamd83kqm8
128 downloads
0 stars
2 versions
Updated 1mo ago
v1.2.0
MIT-0

supermemory — AI Memory Engine

Semantic memory layer powered by vector search. Store, recall, and connect conversation insights across all customer interactions.

Architecture

Conversation → Extract Insights → Embed → Store (Vector DB)
                                            ↓
Query → Semantic Search → Relevant Memories → Inject into Context

Memory Types

Type                 | TTL       | Example
Customer Fact        | Permanent | "Ahmed from Dubai, buys 50 units/quarter"
Conversation Insight | 90 days   | "Interested in bulk pricing for Model X"
Market Signal        | 30 days   | "East Africa demand spike for product Y"
Effective Script     | Permanent | "Opening with local market data → 3x reply rate"

Commands

  • memory:add <text> — Manually add a memory
  • memory:search <query> — Semantic search across all memories
  • memory:list [type] — List recent memories by type
  • memory:forget <id> — Delete a specific memory
  • memory:stats — Memory usage statistics

Auto-Capture

When enabled, the engine automatically extracts and stores:

  1. Customer preferences and requirements
  2. Price sensitivity signals
  3. Competitive mentions
  4. Purchase timeline indicators
  5. Relationship context (referrals, prior interactions)

Configuration

{
  "provider": "lancedb",
  "embedding_model": "{{embedding_model}}",
  "auto_capture": true,
  "capture_strategy": "last_turn",
  "recall_top_k": 5,
  "ttl_days": {
    "customer_fact": null,
    "conversation_insight": 90,
    "market_signal": 30,
    "effective_script": null
  }
}

Integration

Works with:

  • LanceDB (local, no external dependency)
  • Supermemory Cloud (hosted, API key required)
  • Memos (self-hosted note-taking)
