ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

L6 Learning Accelerator

v1.0.0

Provides time-aware memory retrieval by combining vector similarity with temporal relevance and tracks learning progress for enhanced study management.

0· 61·0 current·0 all-time
by@wyblhl
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (time-aware retrieval + progress tracking) matches the included modules (retrieval.js, temporal.js, progress.js). No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md only instructs local usage (require the modules, call functions, add optional workspace config). The runtime instructions do not direct reading of unrelated system files or environment variables, nor do they transmit data to remote endpoints. Progress export/import use file I/O which is appropriate for local data export.
Install Mechanism
There is no install spec (no external downloads). All code is packaged with the skill. The skill requires only Node built-ins (fs/path) and no third-party packages, so there is no external install risk.
Credentials
The skill requests no environment variables or credentials. One small note: SKILL.md/README mention a configurable memory_path, but the retrieval code does not read that path — this is a mild documentation/code mismatch, not a credential issue.
Persistence & Privilege
always is false and there are no requests to modify other skills or system-wide settings. The module keeps session state in-memory and exposes explicit export_to_file/import_from_file functions for persistence; those functions require a file path provided by the caller.
Assessment
This skill appears to be what it claims: local JS modules for time-aware retrieval and progress tracking. Before installing: (1) note there is no external network activity or credential requests, but the export_to_file/import_from_file functions will read/write any path you provide — avoid using sensitive system locations. (2) The README references a workspace path and a memory_path config key that the code does not appear to use; if you plan to persist memories, confirm how and where you will store them. (3) The package source is 'unknown' and has no homepage—if you require provenance, ask for the publisher or review the included source files and run the test suite (node test/basic.test.js) in a sandboxed environment first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97375sfdf3jgvhcbp5f4fbsd183cmkd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments