ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Adam Framework

v1.0.1

5-layer persistent memory and coherence architecture for OpenClaw agents. Solves AI amnesia and within-session drift. Built and validated over 353 sessions o...

0· 98·0 current·0 all-time
by@strangeadvancedmarketing
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims a local-first memory/coherence framework, which plausibly needs local scripts and an LLM key, but SKILL.md explicitly asks for multiple external API keys (NVIDIA Developer model key and a Gemini API key) and npm tooling. The registry metadata lists no required env vars or binaries — that's a clear mismatch. The presence of many utility scripts and a server component (mcp-server, SENTINEL templates, reconciliation scripts) is coherent with the described purpose, but the omission of declared requirements in the metadata is inconsistent and unexpected.
!
Instruction Scope
Runtime instructions (SKILL.md, AGENTS.md, docs) direct reading and writing of user vault files (BOOT_CONTEXT.md, CORE_MEMORY.md, session JSONL), running a periodic coherence_monitor, and performing a nightly reconciliation that calls out to Gemini. Those actions are within the framework's stated purpose, but they touch sensitive local state (session logs, vault files, gateway config) and the instructions provide an automated 'Path 2' install via pasting SETUP_AI.md into the agent — which would allow the agent to modify local files and install components autonomously. AGENTS.md simultaneously warns agents 'Never touch live vault files', which is contradictory with other parts that instruct copying scripts into the live Vault and running them.
!
Install Mechanism
The registry lists no install spec, but the bundle includes many executable scripts, Python tools, requirements.txt, and SENTINEL templates that are intended to be copied into the user's Vault and run. There is no packaged, vetted install delivery in the registry metadata — setup is driven by README/SETUP docs and agent-driven installation instructions. That increases risk because arbitrary repo files would be copied and run on the operator's machine without an auditable package/install step described in the registry.
!
Credentials
SKILL.md and docs request multiple credentials and tokens (LLM provider API key, NVIDIA Developer key, Gemini API key, OpenClaw gateway token, optional Telegram token, Firecrawl, etc.), yet the registry metadata declares no required env vars or primary credential. Requesting both a runtime LLM key and a separate 'Gemini' key for offline reconciliation is plausible for the design (using one model for runtime and another for nightly consolidation), but it's a material increase in secret exposure — and the metadata mismatch prevents the platform/user from seeing upfront what secrets are needed.
Persistence & Privilege
The skill does not set always:true and does not itself modify other skills in the metadata. However, its recommended setup deploys SENTINEL watchdog scripts that run periodically, copies tools into a user's Vault, and configures a sleep/reconcile cycle — giving it ongoing disk presence and recurring execution on the host. That persistence is consistent with its purpose but raises the usual operational-risk considerations (scripts that run regularly and write to BOOT_CONTEXT.md/session files).
What to consider before installing
Things to consider before installing or letting the agent 'auto-install': - Metadata vs reality: The registry lists no required env vars or binaries, but the SKILL.md and docs require an LLM API key (or specific NVIDIA Developer key), a Gemini API key, npm tooling, and will copy/run Python scripts — treat the registry omission as a red flag and expect to provide secrets. - Secrets exposure: You will be asked for at least one LLM API key and (per the docs) a Gemini API key. Only provide keys you control, and consider creating scoped/limited keys or ephemeral credentials where possible. Do not reuse high-privilege or long-lived master keys. - Review code first: The package contains scripts that read session JSONL logs and write to BOOT_CONTEXT.md and other Vault files; review SENTINEL templates, coherence_monitor.py, and reconcile_memory.py before running them. Prefer manual execution in a sandbox/VM first. - Avoid automatic 'paste-to-agent' installs: The 'Path 2 — Let your agent handle it' flow would let an agent modify your filesystem and install software. If you lack strong trusts or auditing, use the manual Path 1 and follow SETUP_HUMAN.md step-by-step instead. - Backup your Vault and configs: Before running any install, back up your Vault (CORE_MEMORY.md, SOUL.md, workspace/*) and openclaw config. If SENTINEL or reconcile runs write unexpected content, you can recover. - Limit network access where feasible: The design is 'local-first' but uses external reconciliation (Gemini). If you want strictly local operation, audit and disable reconcile steps that call external APIs. - Prefer least privilege: For Telegram/OpenClaw gateway tokens create dedicated tokens with narrow scopes and restrict network exposure. Monitor created files (reanchor_pending.json, BOOT_CONTEXT.md) for unexpected content. - What would reduce my concern: registry metadata that accurately lists required env vars and binaries, a published homepage or verified source, an install spec (package or signed release) instead of manual copy steps, and explicit notes about what network calls the nightly reconcile makes (endpoints, data sent).

Like a lobster shell, security has layers — review code before you run it.

latestvk977kqre403hpsdxbd1960rphn8362rm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments