ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Session Memory

v2.0.0

Persistent memory toolkit for AI agents. Save context, recall with relevance scoring, consolidate insights, track decisions across sessions. Features importa...

1· 4.2k·43 current·46 all-time
bySway Liu@swaylq
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (persistent session memory) match the provided scripts and SKILL.md. The code implements saving, searching, consolidating, exporting, importing, pruning, and stats using bash and node; requiring the 'node' binary is reasonable and proportionate.
Instruction Scope
SKILL.md instructs the agent to run local scripts that read/write JSONL files under AGENT_MEMORY_DIR (default ~/.agent-memory). The instructions stay within the memory domain (save/recall/context/etc.) but include examples that explicitly suggest storing credentials as 'critical' entries — the scripts do not encrypt or redact stored content, so following that example could lead to plain‑text secrets on disk.
Install Mechanism
There is no install spec (instruction-only skill) and no network download/install step. The repository includes only shell and node scripts; risk is limited to running those scripts locally. Requires node runtime which is declared and expected.
Credentials
The skill requests no environment variables or credentials. It does write and read local files (AGENT_MEMORY_DIR) and will process any JSONL files found there. While no extra permissions are requested, the capability to store arbitrary text (including secrets) in plaintext is a privacy concern and should be considered before use.
Persistence & Privilege
always:false and no persistent install actions are requested. The skill does not modify other skills or system settings; its persistence is limited to creating/reading/writing files under the designated memory directory.
Assessment
This skill appears to do what it says (local file‑based memory via bash+node). Before installing or running it: 1) Do NOT store API keys, passwords, or other secrets in memories — the files are plain JSONL and not encrypted. 2) Consider setting AGENT_MEMORY_DIR to a secure location and tighten filesystem permissions (e.g., chmod 700). 3) Review the scripts (they are human‑readable) if you plan to import/export data from untrusted sources. 4) Back up or encrypt sensitive memories externally if needed. 5) Avoid running these scripts as root or pointing AGENT_MEMORY_DIR to system directories. If you need encrypted storage or secret management, add encryption or integrate with a secrets manager before using for sensitive data.

Like a lobster shell, security has layers — review code before you run it.

latestvk97etd0q4n9p2gjh4ng5k37em982t0w2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis
Binsnode

Comments