Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Librarian Mastery — World-Class AI Knowledge & Memory System
v1.0.0World-class autonomous institutional memory, version control, and knowledge management skill system. Use ANY time the user asks to save, version, archive, or...
⭐ 0· 62·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims to be an institutional memory/version-control system and the reference docs describe intensive filesystem operations (moving files, renaming, modifying registries, creating archives, running commands like `wc -c MEMORY.md`, updating source-of-truth registries). That functionality is consistent with the stated purpose. However, the package declares no required env vars, no config paths, and no required binaries — yet the docs assume access to workspace paths (e.g., /workspace-main/, memory/, system/registries/, ~/.openclaw/, .secrets/). The missing declared permissions/requirements vs. the heavy filesystem operations is a meaningful incoherence.
Instruction Scope
The SKILL.md and included reference files explicitly instruct agents to read reference files, scan and move files, archive or delete assets, update registries, run maintenance checklists, and enforce deletion authorization (including autonomous deletion of exact duplicates and temp files). The docs also direct changes to central indexes and source-of-truth registries. These are high-impact operations (potential for irreversible deletions or mass moves) and the skill both recommends aggressive triggering and gives the Librarian autonomous deletion authority for certain classes of files. The instructions reference system and secret paths (.secrets, ~/.openclaw/cron/) that lie outside the skill bundle.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. No third-party downloads or installers are used, which minimizes supply-chain risk at install time.
Credentials
The manifest declares no environment variables or credentials, yet the reference docs mention external platforms and account dependencies (Gumroad, KDP, tracking external deployment URLs) and point to local secret/config paths (.secrets, ~/.openclaw/). That mismatch means the skill's instructions presuppose access to credentials and system config that are not declared, making the requested scope unclear and potentially excessive if the agent is granted file/secret access implicitly by the runtime.
Persistence & Privilege
always:false (good), but autonomous invocation is allowed by default and the skill explicitly requests aggressive triggering on many keywords. Combined with built-in authority described in the docs to autonomously delete exact duplicates and temp files and update canonical registries, this creates a non-trivial blast radius if the agent is allowed write/delete access. The skill also encourages automatic archival and renaming patterns without requiring human confirmation for several deletion categories.
What to consider before installing
This skill is not obviously malicious, but it contains instructions that assume broad read/write/delete access to your workspace and to config/secret locations while declaring no required permissions or credentials. Before installing or enabling it: 1) Back up your workspace and registries. 2) Run the skill in a sandbox or allow only read-only access initially. 3) Ensure the platform enforces an explicit permission model (disallow writes/deletes) or require human confirmation before any destructive operations. 4) Review and, if needed, edit the deletion/archival rules in the reference files (prevent autonomous hard-deletes; require human approval for anything beyond temp/exact-duplicate). 5) Confirm how/if the skill would access external services (KDP, Gumroad) and never provide credentials implicitly; prefer manual sync. 6) If you cannot audit every action the agent will take, do not enable autonomous invocation for this skill and require explicit human invocation for each change. These steps will reduce the risk of accidental data loss or inadvertent exposure of secrets.Like a lobster shell, security has layers — review code before you run it.
archivevk9751n78x31daqmhdfafx2y4nh83a7x2documentationvk9751n78x31daqmhdfafx2y4nh83a7x2knowledge-managementvk9751n78x31daqmhdfafx2y4nh83a7x2latestvk9751n78x31daqmhdfafx2y4nh83a7x2libraryvk9751n78x31daqmhdfafx2y4nh83a7x2memoryvk9751n78x31daqmhdfafx2y4nh83a7x2organizationvk9751n78x31daqmhdfafx2y4nh83a7x2version-controlvk9751n78x31daqmhdfafx2y4nh83a7x2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.