Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name and description (memory compaction) align with the instructions: the SKILL.md explicitly describes compressing/cleaning files under memory/YYYY-MM-DD.md, memory/categories/*.md, and MEMORY.md. No unrelated services, binaries, or credentials are requested.
Instruction Scope
The instructions tell the agent to run periodic/manual/automatic compaction and reference concrete file paths under a 'memory' directory. However they are underspecified about exact file-scope, thresholds for '超过阈值', destructive operations, and backup/rollback. There are no safety checks, dry-run modes, explicit retention rules, or confirmation steps described — giving the agent broad discretion to modify or delete local files without constraints.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk. Nothing will be written to disk by an installer.
Credentials
No environment variables, credentials, or external config paths are requested. The only resources referenced are local ‘memory’ file paths, which match the stated purpose.
Persistence & Privilege
always:false (normal). The skill can be invoked autonomously (platform default) but is not force-included. Autonomous invocation combined with the instruction vagueness increases risk of unintended modifications; consider restricting autonomous runs or requiring user confirmation for destructive actions.
What to consider before installing
Before installing, get specifics and add safeguards: 1) Ask the author to define exact file paths and a safe sandbox (so it cannot touch other files). 2) Require a dry-run mode that shows proposed changes without writing. 3) Require automatic backups/versioning before any deletions and clear retention/threshold settings (what '超过阈值' means). 4) Require verbose logs and a confirmation step for destructive actions. 5) If possible, run initially on a copy of your memories or in a restricted environment to validate behavior. If the skill's author cannot provide these protections and precise rules, treat it as risky to run with write/delete access to your memory files.Like a lobster shell, security has layers — review code before you run it.
latestvk975ry1628rzgfdje6g25snnms8444ht
License
MIT-0
Free to use, modify, and redistribute. No attribution required.