ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

mem

Search local memory index (local-first). Use for /mem queries in Telegram.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 963 · 4 current installs · 4 all-time installs
by@Trumppo
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description (local-first memory search for /mem) align with the actions described (update index, search index). The skill does not request unrelated credentials, binaries, or config paths.
!
Instruction Scope
The SKILL.md tells the agent to run scripts/index-memory.py and scripts/search-memory.py but those scripts are not included or described. Because the skill is instruction-only, the agent will execute whatever code exists at those paths in the host environment; that code could read arbitrary local files, modify data, or transmit data externally. The instructions are also vague ('if needed'), giving runtime discretion.
Install Mechanism
No install spec (instruction-only), so nothing is fetched or written by the skill itself. This lowers remote install risk but increases reliance on external files whose contents are unknown.
Credentials
The skill declares no environment variables, credentials, or config paths. There is nothing requested that appears disproportionate to local memory search.
Persistence & Privilege
The skill does not request permanent presence (always:false) and does not modify other skills or system-wide settings. Note: model invocation is enabled (default), so the agent could call this skill autonomously — this is normal but combined with the instruction-scope concern increases the blast radius.
What to consider before installing
Before installing or enabling this skill: (1) verify that the referenced scripts (scripts/index-memory.py and scripts/search-memory.py) exist in the environment and inspect their source — do not run them if you can't review them; (2) ensure those scripts only access the local memory index and do not read or transmit unrelated files or credentials; (3) if possible, run the scripts in a restricted or sandboxed environment first; (4) consider limiting the agent's autonomous invocation for this skill (or require explicit user confirmation) until you trust the scripts; (5) ask the skill author to include the implementation or a detailed spec in the package so behavior is auditable. These steps will reduce the risk that the skill executes unexpected or exfiltrating code.

Like a lobster shell, security has layers — review code before you run it.

Current versionv0.1.0
Download zip
latestvk97116mx6pgagyf4r8demteyb580sjt3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Memory Search (/mem)

Overview

Run local-first memory search using the cached index.

Usage

  1. Update the index if needed:
scripts/index-memory.py
  1. Search the index with the user query:
scripts/search-memory.py "<query>" --top 5

Output

Return the top hits with their paths and headers. Summarize briefly if needed.

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…