Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Enhanced Search Service

v1.0.0

Enhances memory search by combining co-occurrence graph analysis and semantic similarity for improved contextual relevance and ranking.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code implements co-occurrence + semantic scoring as described. However, SKILL.md lists additional files and an adapter (integration/adapter/enhanced_search_adapter.py and other docs) that are not present in the packaged files, an inconsistency between the claimed surface and the provided artifacts.
Instruction Scope
The runtime script inserts an absolute path ('/root/.openclaw/workspace/integration/adapter') into sys.path and attempts to import adapters from there. That design is plausible for an adapter architecture, but it allows the skill to load code from the agent's workspace root (other adapters/plugins). The SKILL.md does not explicitly instruct the agent to access unrelated system paths, yet the code does so. Review of the adapters that will be imported is required because they may perform network I/O or access credentials.
Install Mechanism
There is no install spec (instruction-only), which is low risk, but the package actually includes a Python implementation file. Because no install occurs, nothing is written by an installer, yet the presence of runtime code means you must review that code and any adapters it imports.
Credentials
The skill declares no required environment variables, credentials, or config paths. The code itself does not read environment secrets. That is proportionate to the stated search-enhancement purpose.
Persistence & Privilege
always is false and the skill does not request elevated or persistent platform privileges. It does attempt to import adapters at runtime, but does not modify other skills' configs or force installation.
What to consider before installing
This skill appears to implement the advertised enhancement logic, but two things need attention before installing or enabling it: (1) SKILL.md references adapter and integration files that are not included in the package — ask the publisher for the missing adapter files or confirm where the adapters will come from. (2) The Python code inserts an absolute workspace path and imports adapters from there, which means the skill will execute code from your agent's workspace (other adapters). You should: review the adapter implementations that will be imported (co_occurrence_adapter and semantic_vector_adapter) to ensure they don't make unexpected network calls or access credentials; run the skill in a sandboxed environment if possible; and verify that no adapter will exfiltrate content. If you cannot inspect the adapters, treat this as higher risk and avoid enabling it in sensitive environments.

Like a lobster shell, security has layers — review code before you run it.
