ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Memory Analyzer

v1.0.0

Analyzes conversation history, extracts user preferences and feedback, updates memory files automatically.

0· 675·2 current·2 all-time
by@tevfikgulep
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (analyze conversation history and update memory files) match the SKILL.md and the included analyzer.py. Required resources (none) are proportionate to the stated purpose; no unrelated credentials, binaries, or external services are requested.
Instruction Scope
SKILL.md explicitly instructs the agent to read conversation history from sessions/ and to automatically update memory files (MEMORY.md, USER.md, AGENTS.md, IDENTITY.md, SOUL.md). That behavior is coherent for the stated purpose but broad: it grants the skill access to all stored session transcripts and gives it autonomy to modify persistent memory files. No sanitization, consent, or retention policy is described.
Install Mechanism
There is no install spec (instruction-only), and the shipped analyzer.py is a small local script with no downloads or external install steps. This is low-risk from an install/network-execution perspective.
Credentials
The skill requires no environment variables, credentials, or config paths. That is proportionate. Note: the included memory_analyzer_output.json contains personal identifiers (E.164 phone number and a Telegram id) drawn from example data — the presence of PII in outputs is a privacy concern but not an inconsistency with the skill's purpose.
Persistence & Privilege
The skill is not always-enabled and can be invoked by the user (default autonomy is allowed). It will write updates to memory files automatically when run, which is normal for a memory-updating tool but increases the risk of persistent storage of sensitive content. It does not request elevated system-wide privileges or modify other skills' configs.
Assessment
This skill appears to do what it says: read session transcripts and update memory files. Before installing, consider the privacy implications — memory files can contain sensitive data (phone numbers, account IDs, etc.). Recommended precautions: 1) Inspect and sanitize existing sessions/ transcripts to remove PII you don't want persisted, 2) run the analyzer in a safe environment first and review its proposed changes before allowing automatic writes, 3) restrict filesystem permissions on MEMORY.md / USER.md / other memory files, 4) add explicit prompting or a review step to the SKILL.md (or modify analyzer.py) so updates require human approval, and 5) audit any memory files the skill creates for accidental secrets (API keys, tokens). If you need help adapting the skill to require manual approval or to redact PII automatically, I can suggest code changes.

Like a lobster shell, security has layers — review code before you run it.

analysisvk97dfev9y1g8481jd51r0n9r0d8108ycautomationvk97dfev9y1g8481jd51r0n9r0d8108yclatestvk97dfev9y1g8481jd51r0n9r0d8108yclearningvk97dfev9y1g8481jd51r0n9r0d8108ycmemoryvk97dfev9y1g8481jd51r0n9r0d8108yc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis

Comments