Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Super Memori
v4.0.0-candidate.22
Local-first hybrid memory skill for OpenClaw agents. Use when the agent needs to find, recall, search, or reuse past knowledge across episodic, semantic, pro...
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Verdict: Suspicious (high confidence)
Purpose & Capability
Name/description match the code and public commands: lexical/semantic retrieval, indexing, health checks, memorize/query flows. The shipped scripts and references (Qdrant, sentence-transformers, local DB and file directories) are coherent for a local memory runtime.
Instruction Scope
SKILL.md and quickstart instruct running local scripts (query-memory.sh, index-memory.sh, health-check.sh, memorize.sh). In addition to expected operations, shipped utilities include an auto-learner that reads ~/.openclaw/logs/commands.log and creates pending learning items, and embedding scripts that read arbitrary markdown files and send content to the local vector DB. Those behaviors can capture sensitive command lines and file contents; the quickstart does not prominently warn about auto-learner behavior, so operators might not expect these passive collection actions.
Install Mechanism
No install spec (instruction-only). The SKILL.md suggests pip installing sentence-transformers/numpy/qdrant-client (client only). All code is shipped in the archive — there are no external archive downloads in the package itself. The only external network behavior is runtime model fetches (SentenceTransformer will download model weights if not present) and normal HTTP calls to a local Qdrant endpoint.
Credentials
The skill requests no environment variables or external credentials (good), but it reads and writes many host-local paths under $HOME (e.g., ~/.openclaw/workspace/memory, ~/.openclaw/logs/commands.log, various queue/learnings dirs, a local SQLite DB). The auto-learner parses shell command logs and records the full command text into pending JSONs. Embedding scripts will load file contents and send embeddings/payloads into a local Qdrant collection (vectors and truncated content stored). Also, SentenceTransformer may fetch model weights from the internet at runtime. These are proportionate for a local memory tool but present privacy/exposure risks (sensitive commands and files could be captured into the skill's data stores).
Persistence & Privilege
Skill is not force-included (always:false). It can be invoked autonomously (default platform behavior) and writes only to its own directories and local DB files; it does not modify other skills or system-wide configs. The persistence model (local files, queue, DB, Qdrant points) is expected for a memory skill.
What to consider before installing
This package appears to implement what it claims, but review and accept the privacy implications before installing. Specific recommendations:
- Review or disable the auto-learner: it reads ~/.openclaw/logs/commands.log and writes discovered commands into pending JSONs; that can capture sensitive commands (passwords typed into a shell, tokens, SSH commands, etc.). If you do not want that, do not enable it or schedule it via cron, or remove/modify auto-learner.sh.
- Inspect which directories will be indexed (defaults to ~/.openclaw/workspace/memory) and make sure no files with secrets (keys, credentials, private notes) are present. The embedding scripts read file contents and store vectors + content snippets in the local vector DB.
- Be aware SentenceTransformer will attempt to download model weights (e.g., from Hugging Face) if the model isn't cached locally — that causes outbound network traffic and increases the attack surface; to avoid this, pre-install models in an offline environment.
- Confirm Qdrant is a local instance (127.0.0.1:6333) before running; the code targets localhost but will fail if misconfigured. Running in an isolated/test host first is prudent.
- Check file permissions for the skill's directories (~/.openclaw/...) and the SQLite DB to limit access to only intended users.
- If you need stronger guarantees, run the skill in an isolated VM/container, audit the code paths (auto-learner, embed-*), and run health-check.sh and eval-memory.sh in JSON mode to inspect reported state before enabling indexing or scheduling cron jobs.
- The package does not request external credentials explicitly, but it will read local files; treat that as a manual decision about what to expose to the skill's memory stores.
Like a lobster shell, security has layers — review code before you run it.
