Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
proclaw-omni-memory-ultimate
v1.0.0Integrates 8-layer memory with autonomous self-driven, self-evolving, self-learning, and core axis systems for intelligent agent cognitive architecture.
⭐ 0· 50·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (an 8‑layer memory + autonomous core) align with the provided modules (embedding, HNSW index, dream/creativity, backup, multimodal, federation, autonomous agent core). The code files reflect the claimed functionality rather than something unrelated (e.g., no obvious crypto-miner or cloud-deploy code in the snippets).
Instruction Scope
SKILL.md and init scripts instruct creating workspace directories and writing WAL-style session/memory files (expected). However the repository also contains components named memory_federation, dream_daemon, autonomous_agent_core and daemon-like scripts — these imply background processes and potential network interaction or autonomous actions which are not described in SKILL.md's declared dependencies or environment variables. The SKILL.md is large/truncated here, so there is uncertainty about runtime instructions to start daemons or contact external endpoints.
Install Mechanism
No install spec is provided (instruction-only style), so nothing is automatically downloaded or written by an installer. That lowers install-time risk. Note: the package includes substantial Python scripts which an agent could be instructed to run; those would perform file I/O and possibly network I/O at runtime.
Credentials
No environment variables, credentials, or config paths are declared, yet the codebase contains federation and multimodal components that commonly require network endpoints or API keys. The absence of declared secrets/endpoints is an inconsistency — either the skill is purely local (safe-ish) or it hides external communication/credential needs in code (risky).
Persistence & Privilege
always:false and no special OS restrictions are set (normal). But files include daemon and autonomous-agent modules which could be run by an agent to gain persistent background activity; that capability is not balanced by explicit install rules or declared permissions in SKILL.md.
What to consider before installing
This skill contains many non-trivial Python modules that implement local memory, embedding, HNSW indexing, dream/daemon systems, a federation module, and an autonomous-agent core. Before installing or running it: (1) Review the full SKILL.md and the omitted files (especially memory_federation.py, dream_daemon.py, autonomous_agent_core.py) for any outbound network calls, hard-coded endpoints, or code that reads /etc, home directories, or environment variables. (2) Run it in an isolated environment (VM or container) and monitor network traffic and spawned processes. (3) Do not provide API keys or credentials until you confirm exactly which external services (if any) are required and why. (4) Ask the publisher for full documentation, the purpose of the federation feature, and a canonical homepage/source repo; the listed website/contact look minimal and the package author is unknown. If you can share the full contents of the omitted files (or SKILL.md remainder), I can re-evaluate and narrow the risk assessment.Like a lobster shell, security has layers — review code before you run it.
latestvk970r3ddckpqwwh1hdecm4d74984ac06
License
MIT-0
Free to use, modify, and redistribute. No attribution required.