Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Memory Mesh Core
v1.0.6
Builds a reusable, scored memory mesh with safety gating and 12-hour auto-refresh for cross-session memory consolidation and quality control in OpenClaw.
⭐ 2 · 712 · 1 current · 1 all-time
by WANGJUNJIE (@wanng-ide)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The scripts implement the advertised features (local consolidation, scoring, quarantine-first global sync, GitHub contribution export/posting, scheduler integration). However, the runtime depends on external CLIs (openclaw, clawhub, gh) and on write access to the workspace and skills directory, while the registry metadata declares no required binaries or credentials. Users should be aware of this mismatch between what the skill declares and what it actually needs.
Instruction Scope
Runtime instructions and included scripts read many local files (MEMORY.md, memory/**/*.md, skill package.json), run subprocess commands, query and install other skills via clawhub, edit/run OpenClaw cron jobs, and optionally post comments to GitHub via the gh CLI. Although the code includes secret-pattern blocking and sanitization, the skill can still read arbitrary workspace files and transmit promoted items to external services (ClawHub/GitHub). The scope includes supply-chain actions (auto-updating/installing other skills) and modifying scheduler configuration, which is broader than a simple read-only memory consolidation tool.
Install Mechanism
No remote download/extract install spec is present; the package is instruction-only and ships Python scripts. There are no external URLs or archive downloads in the install spec. The primary installation flow uses local CLIs (clawhub/openclaw) rather than fetching arbitrary binaries from untrusted URLs.
Credentials
The skill declares no required environment variables or credentials. It relies on locally-configured tooling for network actions: GitHub posting uses the gh CLI and the user's GitHub auth (token) already on the system; clawhub/openclaw commands rely on the agent's environment and permissions. That is proportionate to its functionality, but worth noting because posting contributions or installing other skills will use whatever credentials/permissions those CLIs have on the host.
Persistence & Privilege
The skill will create or edit OpenClaw cron jobs (scripts/ensure_openclaw_cron.py) and can auto-install/update other skills (global_memory_sync.py uses clawhub install --force). Although the skill is marked always:false (it is not force-included in every session), it has the capability to change scheduled tasks and install code into the workspace, which increases its blast radius and its supply-chain implications.
What to consider before installing
This skill appears to do what it claims, but it also performs powerful operations that you should review before installing. Key actions to take before use:
- Audit the scripts (especially global_memory_sync.py, ensure_openclaw_cron.py, install_bootstrap.py) to confirm you accept: (a) running clawhub/openclaw/gh on your host, (b) automatic installation/updates of other skills, and (c) creation/editing of OpenClaw cron jobs.
- Run in an isolated or sandbox workspace first to observe behavior and outputs (the skill reads workspace files and writes memory/memory_mesh/* artifacts).
- If you will allow GitHub posting, ensure your gh credentials have only the scopes you intend, and consider keeping automated posting disabled (do not pass --post-issue-comments, or set the posting flag in setup_12h.sh to off).
- If you are uncomfortable with automatic skill updates, set auto_update_skills to false in skills/memory-mesh-core/config/global_sync.json or avoid running the install_bootstrap/global sync scripts.
- Verify that clawhub/openclaw/gh CLIs are from trusted sources on your machine and that you consent to them being invoked by the skill.
- Consider limiting network exposure and reviewing promoted JSON outputs (memory/memory_mesh/feeds and github_issue_batch_v1.json) before any automatic posting.
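The audit and configuration steps above can be scripted. The following is an added example written for this page, not code from the Memory Mesh Core skill or from ClawHub: it walks a skill directory, flags lines that invoke the external CLIs, forced installs, cron changes and GitHub comment posting that the scan describes, and sets auto_update_skills to false in a global_sync.json. The regexes are hypothetical starting points, and the skill tree it scans is constructed sample data standing in for the real scripts, so it runs offline.

```python
"""Pre-install audit of a ClawHub skill directory.

Added example (not the Memory Mesh Core skill's own code): it looks for the
privileged actions the scan report names and flips auto_update_skills off.
"""
import json
import re
import tempfile
from pathlib import Path

# Hypothetical regexes for this example; tune them to the scripts you audit.
PRIVILEGED_PATTERNS = {
    "external_cli": re.compile(r"\b(clawhub|openclaw|gh)\b"),
    "forced_skill_install": re.compile(r"clawhub[\"',\s]*install.*--force"),
    "cron_modification": re.compile(r"\bcron\b", re.IGNORECASE),
    "github_posting": re.compile(r"\bgh\b.*\bcomment\b"),
}
SCAN_SUFFIXES = {".py", ".sh"}


def audit_skill(skill_dir):
    """Return {pattern_name: [(relative_path, line_no, line), ...]}."""
    skill_dir = Path(skill_dir)
    findings = {name: [] for name in PRIVILEGED_PATTERNS}
    for path in sorted(skill_dir.rglob("*")):
        if not path.is_file() or path.suffix not in SCAN_SUFFIXES:
            continue
        rel = path.relative_to(skill_dir).as_posix()
        text = path.read_text(encoding="utf-8", errors="replace")
        for line_no, line in enumerate(text.splitlines(), 1):
            for name, pattern in PRIVILEGED_PATTERNS.items():
                if pattern.search(line):
                    findings[name].append((rel, line_no, line.strip()))
    return findings


def read_auto_update(config_path):
    """Current value of auto_update_skills in a global_sync.json file."""
    config = json.loads(Path(config_path).read_text(encoding="utf-8"))
    return config.get("auto_update_skills")


def disable_auto_update(config_path):
    """Set auto_update_skills to false; return the previous value."""
    config_path = Path(config_path)
    config = json.loads(config_path.read_text(encoding="utf-8"))
    previous = config.get("auto_update_skills")
    config["auto_update_skills"] = False
    config_path.write_text(json.dumps(config, indent=2) + "\n", encoding="utf-8")
    return previous


def build_sample_skill(root=None):
    """Constructed stand-in for the skill tree (sample data, not the real scripts)."""
    root = Path(root or tempfile.mkdtemp()) / "memory-mesh-core"
    (root / "scripts").mkdir(parents=True)
    (root / "config").mkdir()
    (root / "scripts" / "global_memory_sync.py").write_text(
        "import subprocess\n"
        "def update(skill):\n"
        '    subprocess.run(["clawhub", "install", "--force", skill], check=True)\n'
        "def post(repo, number, body):\n"
        '    subprocess.run(["gh", "issue", "comment", number, "--repo", repo, "--body", body])\n',
        encoding="utf-8",
    )
    (root / "scripts" / "ensure_openclaw_cron.py").write_text(
        "import subprocess\n"
        "def ensure():\n"
        '    subprocess.run(["openclaw", "cron", "add", "memory-mesh-refresh"])\n',
        encoding="utf-8",
    )
    (root / "config" / "global_sync.json").write_text(
        json.dumps({"auto_update_skills": True, "quarantine_first": True}, indent=2) + "\n",
        encoding="utf-8",
    )
    return root


if __name__ == "__main__":
    skill = build_sample_skill()
    for name, hits in audit_skill(skill).items():
        print(f"{name}: {len(hits)} hit(s)")
        for rel, line_no, line in hits:
            print(f"  {rel}:{line_no}: {line}")
    cfg = skill / "config" / "global_sync.json"
    print("auto_update_skills:", disable_auto_update(cfg), "->", read_auto_update(cfg))
```

To use it on the real package, point audit_skill at the installed skill directory (skills/memory-mesh-core in the scan text) and read every flagged line in context before deciding; a regex hit is a prompt for review, not a verdict. disable_auto_update rewrites the JSON in place, so run it on a copy first if you want to diff the result.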
If you want, I can point out the exact lines or functions in the scripts that perform each privileged action, or suggest minimal configuration changes to reduce risk (e.g. disable auto-update, disable scheduled posting).
Like a lobster shell, security has layers — review code before you run it.
latest: vk97bf1nw6syq89fc456ddtatzs815zx9
