Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Memory Enhancer
v1.0.0Automatically extracts facts from daily logs to update and maintain structured long-term memory and summaries.
⭐ 0· 107·5 current·5 all-time
by@xpneuma
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill name and description match what the code does: read yesterday's log and update JSON summaries and MEMORY.md. However, the code hard-codes absolute paths under /home/bosunjung/.openclaw/workspace which is environment-specific, and SKILL.md says the sub-agent uses OpenRouter while index.js actually asks the platform to spawn a sub-agent using 'google/gemini-2.5-flash' — a clear inconsistency between documentation and implementation.
Instruction Scope
SKILL.md and the code instruct a spawned sub-agent to perform merges and write operations on files in memory/stats and append to MEMORY.md. The main skill itself does not perform the merges; it relies on context.sessions_spawn to run a sub-agent with the prompt that directs arbitrary read/write of workspace files. The prompt gives exact filesystem paths but there is no explicit scoping or safeguards in the code limiting what the sub-agent can read/write. This grants the sub-agent broad file-system authority within the workspace and could be abused to modify unrelated files or exfiltrate content if sub-agent tooling has network access.
Install Mechanism
There is no install spec or external download. The skill is provided as code (index.js) and SKILL.md; nothing is pulled from the network at install time. This is lower risk from an installation perspective.
Credentials
The skill requests no environment variables or credentials, which is appropriate for local file processing. However, it hard-codes user-specific absolute paths (/home/bosunjung/.openclaw/workspace...), making it tied to a particular account and increasing the chance of accidental access to unrelated user files if deployed elsewhere. Also SKILL.md indicates using OpenRouter, but the code uses an internal sessions_spawn with Gemini — no API keys are requested, but the mismatch should be clarified.
Persistence & Privilege
The skill is not marked always:true and does not attempt to alter other skills or system-wide agent settings. It writes logs and updates files within its declared workspace area, which is expected for a memory-maintenance tool. The higher-risk element is the autonomous sub-agent invocation (allowed by default) combined with file write instructions; autonomous invocation alone is normal but increases blast radius when paired with file writes.
What to consider before installing
This skill mostly does what it says (read a daily log and update local memory files), but exercise caution before installing: 1) Confirm what permissions context.sessions_spawn grants on your platform — does the spawned sub-agent have unrestricted filesystem or network access? 2) Ask the author to fix the documentation/code mismatch (SKILL.md says OpenRouter; code spawns 'google/gemini-2.5-flash'). 3) Because the code uses hard-coded absolute paths under /home/bosunjung, either run it in a sandboxed account or modify paths to a dedicated workspace to avoid touching other files. 4) Verify you have backups of MEMORY.md and memory/stats before running, and inspect skill-execution.log after tests. 5) Prefer an explicit allowlist: limit the sub-agent's read/write scope to the specific memory directory and confirm it cannot send data externally (or restrict its network access). If you cannot confirm or constrain the sub-agent's permissions, treat this skill as higher risk and avoid deploying it to sensitive environments.Like a lobster shell, security has layers — review code before you run it.
latestvk97dxh5k5armt8ta120xxv9yad838esy
License
MIT-0
Free to use, modify, and redistribute. No attribution required.