Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Install Powermem Memory Minimal

v0.1.0

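Minimal installation steps for memory-powermem (OpenClaw + PowerMem long-term memory), aimed at individual users; there is no need to configure a separate powermem.env, as it reuses the conversation model already configured in OpenClaw. This skill can be distributed independently and does not depend on other installation skills.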

by powermem@teingi
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description claim a minimal PowerMem installer for OpenClaw. The instructions only require Python ≥3.10, installing powermem into a venv, and integrating with OpenClaw — all consistent with the declared purpose and the absence of requested credentials or config paths.
Instruction Scope
Instructions are narrowly scoped to installing powermem, creating/activating a venv, configuring pmemPath or activating the venv before running the OpenClaw gateway, and verifying plugin load/health. They instruct running a remote install script (curl | bash) and rely on OpenClaw having an API key/model configured; they do not instruct reading arbitrary files or exfiltrating data, but the reuse of OpenClaw's model/API key is a capability users should be aware of.
Install Mechanism
There is no registry install spec, but the SKILL.md recommends piping a script from raw.githubusercontent.com into bash. Using a GitHub raw URL is a common pattern and less suspicious than a personal server, but piping remote scripts to bash is inherently riskier than installing from a reviewed package manager; users should inspect the script before running.
Credentials
The skill declares no required env vars, which matches the manifest. However the instructions explicitly state that PowerMem will reuse OpenClaw's default model and API key (no separate powermem.env). This is logical for integration but means the plugin will operate with the same credentials — users should confirm they are comfortable with that reuse.
Persistence & Privilege
The skill does not request always:true, and no persistent elevated privileges are required. The install writes files under the user's home (~/.openclaw/powermem/.venv) and registers a plugin with OpenClaw, which is normal for an installer of this type.
Assessment
This skill is coherent for its stated purpose, but work through this checklist before running it:
1) Verify OpenClaw is working and that you're okay with the plugin reusing OpenClaw's API key/model (the installer will not create a separate powermem.env).
2) Confirm Python ≥ 3.10 and that you understand the chosen venv path (~/.openclaw/powermem/.venv).
3) Inspect the install script at https://raw.githubusercontent.com/ob-labs/memory-powermem/main/install.sh yourself before running curl | bash (or run it in a sandbox).
4) Consider running pip install powermem and openclaw plugins install manually if you prefer not to execute a remote script.
5) Back up OpenClaw configuration if you care about preserving current settings.
These steps reduce risk while installing the integration.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b3fp9zyknt1z4s16phrx3th83gvaw
