ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Session Memory Structured

v1.0.0

在 /new 或 /reset 时,为刚结束的会话生成结构化纪要并归档到 memory/YYYY-MM-DD.md

0· 143·0 current·0 all-time
by@thelast0802

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for thelast0802/session-memory-structured.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Session Memory Structured" (thelast0802/session-memory-structured) from ClawHub.
Skill page: https://clawhub.ai/thelast0802/session-memory-structured
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install session-memory-structured

ClawHub CLI

Package manager switcher

npx clawhub@latest install session-memory-structured
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (summarize the just-ended session and archive to memory/YYYY-MM-DD.md) match the code and docs. The code reads local OpenClaw session files and the local models.json to obtain a provider baseUrl/apiKey, then calls that provider to generate the summary and writes the result to workspace/memory. No unrelated credentials, binaries, or external services are requested beyond the configured provider.
Instruction Scope
SKILL.md and handler.js limit runtime actions to: locating a session file, parsing recent user/assistant messages (with cleaning), reading models.json for a configured provider, calling that provider's chat/completions endpoint, and appending the returned summary to a dated memory file. The README/skill.md explicitly warn that session text will be sent to the configured model service.
Install Mechanism
This is an instruction-only hook with no install spec or network download. There is no package installation or external code fetched by the skill itself.
Credentials
The skill does not declare any required env vars but reads provider.apiKey and provider.baseUrl from the local OpenClaw models.json (home/.openclaw/agents/<YOUR_AGENT_ID>/agent/models.json). That is proportional to its purpose (it must call a model service), but it means the skill will access your locally stored API key and send session text to whatever baseUrl is configured — ensure the provider entry points to a trusted service.
Persistence & Privilege
always is false and the skill does not attempt to modify other skills or global agent settings. It persists only by appending summaries into the workspace 'memory' directory, which is within the declared scope of the feature.
Assessment
This hook is internally consistent with its stated goal, but before installing: 1) edit the placeholder values (<YOUR_AGENT_ID>, <YOUR_PROVIDER_ID>) as instructed so it targets the correct local paths; 2) inspect your ~/.openclaw/.../models.json to verify the provider's baseUrl is a trusted endpoint (the code will send session text and use the apiKey from that entry); 3) if you need strict offline behavior, do not install or ensure the provider entry points to a local/offline model; 4) consider testing in a safe workspace (no sensitive session contents) to confirm behavior; 5) note the code uses global fetch (Node 18+ has fetch built-in) — ensure your runtime supports it or adapt accordingly.
!
handler.js:1
File read combined with network send (possible exfiltration).
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🧠 Clawdis
latestvk97cdw1vs0a9fp2efatd2gpd6n83gf86
143downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@thelast0802
latest
Download

Session Memory Structured

一个给 OpenClaw 用的会话纪要 Hook。

它会在执行 /new/reset 时,读取刚结束的那段 Session,对最近一部分用户 / 助手消息做清洗和提炼,然后生成四段式结构化纪要,按日期写入工作区的 memory/YYYY-MM-DD.md

适合想把会话切换做得更稳、更可追溯的人。

主要特性

  • 只在 /new/reset 触发
  • 自动回看上一段会话
  • 输出固定四块结构,便于后续续写与复盘
  • 不在项目目录内硬编码 API Key

隐私提示

本技能运行时会读取你本机的 OpenClaw Session 文件,并调用你自己配置的模型服务来生成纪要。

如果你的模型服务是外部云服务,相关会话文本会发送到该服务进行处理。请在使用前确认这一点。

Comments

Loading comments...