ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

NoMoreForget

v1.0.0

让 OpenClaw 不再失忆!一键解决记忆问题:失忆、Token 消耗高、搜不到。自动启用 Memory Flush、优化记忆配置、提供诊断备份工具。触发词:龙虾失忆、记忆问题、Token 消耗高、记忆配置、memory 问题、记不住。

0· 65·0 current·0 all-time
by@steventsang18
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to fix OpenClaw memory problems and the shipped scripts read/write ~/.openclaw/openclaw.json, workspace/MEMORY.md and memory logs, install maintenance scripts under ~/.openclaw/no-more-forget, and provide backup/restore — all coherent with the stated purpose. Minor mismatch: metadata declares no required binaries, but scripts rely on common tools (python3, bash utilities) and optionally call clawhub; those tools are expected for this purpose but should have been declared.
!
Instruction Scope
SKILL.md instructs running the bundled install/verify/diagnose/optimize/backup/restore scripts which modify user config (openclaw.json) and workspace files. The install script injects a memoryFlush.systemPrompt and prompt text into openclaw.json — this modifies agent prompts (a powerful action). While the change is consistent with the goal (pre-compaction flush), altering systemPrompt is exactly the kind of thing that can change agent behavior and should be reviewed. There is no attempt to exfiltrate files or contact external endpoints in the scripts, but the systemPrompt content is effectively an injected prompt and was flagged by the pre-scan.
Install Mechanism
No external downloads or remote installers are performed by the included install.sh; files are copied locally into ~/.openclaw and templates created in workspace. This is lower-risk than fetching and executing remote archives. The README mentions git clone / GitHub links (for obtaining the skill), but the shipped install itself does not fetch code from arbitrary URLs.
Credentials
The skill declares no environment variables or credentials (and none appear required). It operates on local OpenClaw config and workspace files only, which is proportionate to its stated purpose. Note: scripts expect python3 and optionally clawhub on PATH but these were not declared in metadata.
Persistence & Privilege
The skill does write files into the user's OpenClaw directory (~/.openclaw) and installs maintenance scripts under ~/.openclaw/no-more-forget — i.e., persistent presence in the OpenClaw config area. always:false (not force-included). The main concern is that it injects a systemPrompt value into openclaw.json, which alters agent-level prompts and therefore agent behavior; this is within scope for a memory-management skill but is sensitive and worth manual review.
Scan Findings in Context
[system-prompt-override] expected: The install script writes a memoryFlush.systemPrompt and prompt text into ~/.openclaw/openclaw.json. That is coherent with a 'memory flush' feature, but it is also an instance of modifying the agent's internal prompts (a prompt-injection-style action) and should be reviewed before accepting.
What to consider before installing
What to check before installing: - Review the files (especially scripts/install.sh and the Python block) yourself or in a safe environment. The installer will modify ~/.openclaw/openclaw.json and create/copy files under ~/.openclaw and ~/.openclaw/workspace. - Pay special attention to the injected memoryFlush.systemPrompt and prompt strings — these become agent-level prompts and can change behavior. If you don't trust the exact wording, consider applying the JSON changes manually instead of running the installer. - Ensure you have python3 present (scripts call python3) and optionally clawhub if you plan to install recommended plugins. The metadata did not declare these dependencies. - Because the skill installs persistent scripts under ~/.openclaw/no-more-forget, keep backups (install.sh already creates a backup) and inspect backups before restoring. - If you want to reduce risk, openclaw.json changes can be merged manually: run the installer in a test environment or copy the JSON snippet from the SKILL.md and apply only the fields you approve. Summary recommendation: the package is functionally aligned with its description, but the automatic injection of a systemPrompt and the mismatch in declared vs. used binaries are reasons to inspect the scripts and config changes before running the installer.
!
references/architecture.md:55
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

latestvk9770nvxmscj5y9162x0we672n83hyrs

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments