Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
RMN Soul
v1.0.1 · Automatically creates a recursive neural memory network, stores it on IPFS, and anchors its Merkle root on Base chain as an ERC-8004 identity NFT.
by ceelo@weidadong2359
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the code and SKILL.md: the scripts parse workspace memory files, build a 5-layer recursive memory, compute Merkle roots, upload to IPFS, and anchor metadata in an ERC-8004 registry on Base. Functionality requested (IPFS + Base anchoring) is coherent with the stated purpose.
Instruction Scope
Runtime instructions and scripts legitimately read many workspace files (MEMORY.md, memory/*.md, .issues/*) to construct memory.json and will run node scripts and a local visualization server. They also call external tools (ipfs, cast) and public IPFS gateways; the scripts execute arbitrary shell commands (execSync) which is expected for this task but increases risk if run in an untrusted environment.
Install Mechanism
This is an instruction-only skill (no install spec), but the code relies on external binaries (node, ipfs, Foundry/cast) and a local IPFS node. Registry metadata declares no required binaries or install steps—this is inconsistent and increases accidental execution risk if the environment lacks required tooling or a user runs the scripts without understanding the dependencies.
Credentials
Registry declares no env vars, but the code uses RMN_SPONSOR_KEY (and OPENCLAW_WORKSPACE) and will persist sponsorKey into config.json on setup. Passing a private key to cast via --private-key (command-line) and writing it to config.json are risky: command-line arguments can leak via process lists and config.json is stored in plaintext in the workspace. The need for a sponsor key is proportional to on-chain actions, but the skill does not declare or warn about how sensitive keys are handled.
Persistence & Privilege
The skill writes persistent files under <workspace>/rmn-soul-data (memory.json, config.json, identity.json, history) which is normal. But autoAnchorDays defaults to 7 and heartbeat can mark anchors as due; if a sponsor key is present the skill can initiate transactions and spend gas automatically. While 'always' is false, the ability to auto-anchor combined with stored keys increases blast radius and financial risk.
What to consider before installing
Before installing or using this skill, consider the following:
- Private keys: The skill reads RMN_SPONSOR_KEY (if set), saves sponsorKey into a plaintext config.json under rmn-soul-data, and passes the key on the command line to cast. This can expose keys via files or process lists—do NOT provide your main wallet key. Use a throwaway sponsored wallet with minimal funds if you want to test.
- Automatic transactions: autoAnchorDays defaults to 7; heartbeats can mark anchors as due. If a private key is configured, the skill may send transactions automatically. Disable autoAnchorDays (set to 0) or remove sponsorKey before running automated hooks.
- Undeclared dependencies: The package/registry metadata does not declare required binaries, but the scripts call node, ipfs, and Foundry's cast. Confirm those tools (and a safe RPC URL) are present before running. If you don't want on-chain behavior, do not install cast and ipfs, or avoid running the anchor/register scripts.
- Workspace access: setup scans many workspace files (MEMORY.md, SOUL.md, memory/*.md, .issues/*). Only run this in a workspace you are comfortable having scanned and written to. The skill will create rmn-soul-data in the workspace.
- Network exposure: resurrect and anchor use public IPFS gateways and RPC endpoints—if you need to keep memory private, be aware content may be uploaded to IPFS unless ipfsEnabled is disabled or you control the node.
- Hardening steps: review scripts yourself, run in an isolated/test workspace or container, set autoAnchorDays to 0, do not set RMN_SPONSOR_KEY (let the script save calldata for manual broadcast), or use a temporary wallet. If you want to use on-chain features, prefer using an offline signer or tooling that doesn't accept raw private keys on the command line.
Overall: the code is consistent with its stated purpose, but the combination of undeclared dependencies, plaintext key persistence, command-line key usage, and auto-anchor behavior warrants caution. Inspect and test in a safe environment before granting credentials or enabling automation.
