Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Llm Memory V8 Fix
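v8.0.1 · LLM Memory Integration - interface layer + automation hooks. After installation, it automatically pulls the private enhancement package from the CNB repository.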
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description and declared behavior align: the public package implements interfaces and a safe FTS fallback while lifecycle hooks clone a private 'privileged' package that provides high-performance/native extensions. The code and metadata consistently declare this architecture. Minor metadata mismatches exist (src/__init__ version is '7.0.0' while package metadata is '8.0.1') and many tests import 'core' modules that appear to be provided only by the private package — showing strong dependency on the cloned content.
Instruction Scope
SKILL.md explicitly documents the hooks and their actions. The hooks' code matches the documentation: postinstall.py runs git clone of the CNB repo into src/privileged/, and onStartup.py checks git status and writes logs. The instructions do not access unrelated system files or undeclared env vars. However, the hooks will write files into the user's OpenClaw workspace and remove any existing privileged directory before cloning (shutil.rmtree), so they modify the local filesystem in the declared skill area.
Install Mechanism
There is no packaged install spec but lifecycle hooks perform a 'git clone' from https://cnb.cool/llm-memory-integrat/llm.git — a non-well-known release host (not GitHub/GitLab/official release server). While cloning is documented, pulling arbitrary repository content from a personal/unknown domain is a higher-risk supply-chain action because that code will reside in the user's workspace and can contain native extensions or arbitrary executable code.
Credentials
The skill requests only binaries (python3, sqlite3, git) and filesystem read/write access to its own OpenClaw paths and network access to the CNB endpoint. It does not request unrelated credentials or broad environment variables. The declared capabilities (subprocess calls and network access) match what the hooks perform.
Persistence & Privilege
The skill is not forced-always, and does not modify other skills or system-wide configuration. Hooks run at install and gateway startup (normal lifecycle behavior). The skill does create/replace files inside its own workspace (src/privileged/) which is expected for its 'privileged package' design.
What to consider before installing
This package is doing exactly what it says: when installed it will automatically git-clone a private 'privileged' repository from cnb.cool into ~/.openclaw/workspace/skills/llm-memory-integration/src/privileged and the gateway hook will check that repository on startup. That design is coherent but risky because code from an unfamiliar external host will be placed into your workspace and could contain native extensions or arbitrary executable code. Before installing consider:
1) Disable hooks during install (clawhub install llm-memory-integration --no-hooks) and manually inspect the remote repo (or clone to a sandbox) before copying its contents into your environment.
2) Only install if you trust the cnb.cool domain and/or maintain an internal mirror of the repo.
3) If you must auto-install, restrict network access or run the skill in an isolated environment/container.
4) Review the contents of the cloned repo (especially any native extensions, setup scripts, or code that could call external APIs) and verify signatures or hashes if available.
5) Note that many tests and functionality appear to rely on the private package; without it the public package falls back to the safe SQLite FTS implementation. If you want lower risk, keep the hooks disabled and use the public 'safe' implementation.
Like a lobster shell, security has layers — review code before you run it.
latestvk9778jgx7f0e80xwsm6vrtr6n184zbzm
Runtime requirements
🧠 Clawdis
Bins: python3, sqlite3, git
Config: filesystem.read.~/.openclaw/memory-tdai, filesystem.write.~/.openclaw/memory-tdai, filesystem.write.~/.openclaw/workspace/skills/llm-memory-integration/src/privileged, network.https://cnb.cool
