Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Chat History
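v1.1.1 Automatically archives and categorizes chat logs, with support for keyword triggers, quick search, and command-based management of past session content.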
⭐ 0· 489·3 current·4 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (chat history, archive, search) align with the shipped Python scripts that read session files and write archives/indexes. The code operates on local workspace/session files (e.g., ~/.openclaw or OPENCLAW_DIR), which is coherent with the stated purpose.
Instruction Scope
SKILL.md instructs archiving, NLP triggers, and scheduling. The implementation reads OpenClaw session files (agents/main/sessions) and writes archives and indices under the user's OpenClaw workspace — expected for this feature. However the docs and scripts also reference creating system cron entries, editing crontab, and writing logs to system locations (/var/log/chat-archive.log) and a user-specific path (/Users/tanghao/...), which are broader in scope than the 'pure local, no system permissions' assertions in other docs. That mismatch increases risk because a user might be prompted (or the code might offer) to modify system scheduled tasks.
Install Mechanism
No install spec is provided (instruction-only from registry perspective), but the skill includes multiple executable Python scripts and a shell script (archive-daily.sh). There is no external download or package install indicated. Risk is moderate because archive-daily.sh contains hardcoded absolute paths and would be suitable for adding to crontab if the user follows docs — adding scheduled tasks is a privileged persistent action if performed against system crontab.
Credentials
Declared requirements list no env vars or credentials; code uses OPENCLAW_DIR / OPENCLAW_WORKSPACE env vars optionally (sane). The bigger issue is hardcoded paths appearing in multiple delivery/docs/scripts (e.g., /Users/tanghao/.openclaw and /var/log/chat-archive.log, an archive-daily.sh referencing a specific user path). That contradicts some security documents that claim dynamic paths and no hardcoding. No network credentials are requested, which is proportionate, but the presence of system-path references and crontab instructions is disproportionate to a simple read/write archival tool unless the user explicitly opts into scheduling.
Persistence & Privilege
The skill is not 'always: true' and does not declare elevated privileges. Nonetheless documentation and some scripts reference adding cron entries (system-level scheduling) and an archive-daily.sh that would be suitable for crontab. There is contradictory messaging: v3 changelog claims removal of os.popen/os.system and use of OpenClaw cron API, while other docs and scripts still show crontab usage and hardcoded paths. If the skill or user runs the crontab setup, it will create persistent scheduled actions; that capability requires careful review before enabling.
What to consider before installing
This skill appears to implement local chat-archiving and search, which is plausible. However before installing or enabling automated scheduling:
1) Inspect main.py and main_v3.py for any os.popen/os.system/subprocess calls and any network calls (HTTP, sockets) — the docs disagree internally about whether those were removed.
2) Fix or confirm any hardcoded paths (e.g., /Users/tanghao, /var/log/...) so files and logs are written where you expect.
3) Do not run any cron-setup or --setup-cron steps until you confirm how scheduling is implemented (OpenClaw cron API vs. system crontab). Adding crontab entries is persistent and can run code at system level.
4) Backup your existing ~/.openclaw/workspace/conversation-archives before first run.
5) If provenance matters, ask the author for a canonical repository or signature (source is listed as unknown).
If you lack time to audit, run the skill in a controlled account or VM and avoid giving it elevated permissions or running any 'setup-cron' helpers until you verify the code paths involved.
Like a lobster shell, security has layers — review code before you run it.
