Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Openclaw Skills Smart Agent Memory
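v2.1.1
Cross-platform long-term memory system for agents. Layered context provisioning + temperature model + skill experience memory + structured storage + automatic archiving. Three storage layers: Markdown (human-readable, searchable with QMD) + JSON (structured) + SQLite/FTS5 (high-performance full-text search). Pure native Node.js modules, zero external dependencies.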
by @tntest
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (long‑term memory for agents) aligns with the included code and CLI. It legitimately needs Node and read/write access to ~/.openclaw/workspace/memory and it implements dual-layer memory (Markdown + JSON/SQLite) as described. Minor metadata mismatches exist between the registry header and embedded _meta.json/SKILL.md (owner/slug/version differences), but these look like packaging/metadata inconsistencies rather than functional or malicious mismatches.
Instruction Scope
Runtime instructions and CLI operations are scoped to the memory workspace (reading/writing ~/.openclaw/workspace/memory, creating daily logs, lessons, skill experience files). The CLI can create SKILL.md templates (extract → writes to a skills directory) which is a legitimate feature for 'extracting' lessons, but it does mean the skill can write files into the user's skills area. The code calls an external binary 'qmd' if present (lib/search.js → execFileSync), but this is optional and falls back to built‑in search.
Install Mechanism
No remote install/downloads or archive extraction are present in the package. The skill is delivered as Node.js source files and a CLI script; there is no installer that fetches external code. This is a lower‑risk delivery model. README suggests installing via clawhub or copying into ~/.openclaw/skills, which is normal.
Credentials
The skill requests no secrets or cloud credentials. Declared runtime requirement is only the node binary. The SKILL.md metadata declares read/write permissions for ~/.openclaw/workspace/memory which is proportional to a memory engine. One minor mismatch: the top-level registry metadata said 'Required config paths: none' while SKILL.md clearly documents read/write of the workspace path—this is inconsistent but coherent with the skill's purpose. The optional use of the external 'qmd' binary is not declared in requires.bins, so availability of that binary is detected at runtime.
Persistence & Privilege
always:false (good). The skill writes persistent data under ~/.openclaw/workspace/memory and can create Markdown skill templates (it is capable of writing SKILL.md into a skills directory). Writing new skill files is explained by the 'extract' feature and is plausible for this tool, but it does constitute modification of the skills filesystem (so review where it will write before running). The SKILL.md also recommends adding scheduled jobs via OpenClaw cron—scheduling is intended but means repeated autonomous actions if you accept those cron jobs.
Assessment
This package appears to be a coherent local memory engine: it only needs Node and read/write access to your OpenClaw workspace. Before installing or enabling it:
1) Confirm you trust the source (homepage unknown and embedded metadata/owner/version have small mismatches).
2) Be aware it will create and modify files in ~/.openclaw/workspace/memory and can generate SKILL.md templates under your skills directory (the 'extract' command); if you run that, inspect generated SKILL.md files before enabling them.
3) The CLI optionally calls an external 'qmd' binary if present — this is optional but not declared in requires.bins.
4) IDs are generated with a simple timestamp+random approach (not cryptographically strong) — fine for local usage but worth noting.
5) Recommended safe practices: back up any existing memory directory, run the CLI in a sandbox or non‑privileged account to validate behavior, and review/scan the package code if you have sensitive data.
Overall the package is internally consistent with its stated purpose, but do the brief due diligence above because the source and packaging metadata are inconsistent.
lib/search.js:86
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Like a lobster shell, security has layers — review code before you run it.
latest vk977g9w6kpqt2bt9wp3vhayqfs8305p4
Runtime requirements
🧠 Clawdis
Bins: node
