ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

memory_baidu_embedding_db

v2.0.1

Semantic memory system using Baidu Embedding-V1 for secure, local vector storage and retrieval in Clawdbot with SQLite persistence.

0· 2.5k·2 current·2 all-time
by@xqicxx
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's files, SKILL.md and Python implementation all implement a Baidu Embedding → SQLite local memory system (consistent with the name). However the registry metadata declares no required environment variables while the documentation and code clearly require BAIDU_API_STRING and BAIDU_SECRET_KEY — an important metadata mismatch. The code also expects a sibling module (baidu-vector-db/baidu_embedding_bce_v3) by manipulating sys.path to /root/clawd/skills/baidu-vector-db/ which is not present in the provided manifest, indicating an unstated dependency.
!
Instruction Scope
Runtime instructions and included scripts (e.g., memory_skill_full_verification.sh, DISABLE_LANCEDB.md) reference absolute root paths (/root/clawd, /root/.nvm/...) and external components (git-notes memory, baidu-vector-db). The DISABLE_LANCEDB.md and example commands recommend renaming node_modules to disable a different extension — this modifies other installed components and goes beyond a memory plugin's narrow scope. Some docs/scripts also suggest echoing environment variables and adding secrets to shell rc files, which risks credential exposure in logs/terminal history.
Install Mechanism
There is no automated install spec (no downloads or package installs). All code is shipped in the skill bundle, so no remote fetch occurs during install. That lowers install-time supply-chain risk. However, the code expects additional local modules (baidu-vector-db) which are not included.
!
Credentials
The skill legitimately needs Baidu API credentials for embeddings (BAIDU_API_STRING and BAIDU_SECRET_KEY), which is proportionate to its stated purpose. But the skill metadata fails to declare these environment variables as required, and multiple files instruct printing or persisting the secrets in shell rc files (echo $BAIDU_SECRET_KEY, writing export lines to ~/.bashrc) — practices that increase the risk of credential exposure. No other unrelated credentials are requested.
!
Persistence & Privilege
The skill does not set always:true and allows normal autonomous invocation. However included docs/scripts instruct modifying other system components (disabling memory-lancedb by renaming its directory under /root/.nvm) and reference system-wide paths (Git repo at /root/clawd). Those actions impact other skills and system state beyond the skill's own files and therefore raise privilege/persistence concerns.
What to consider before installing
This package appears to implement a Baidu-embedding local memory system and will need your Baidu Qianfan API credentials (BAIDU_API_STRING, BAIDU_SECRET_KEY). Before installing: 1) Note the metadata omission — the registry did NOT declare the required env vars even though the code and docs require them; don't assume the platform will prompt for those keys. 2) Inspect and confirm the presence of the referenced sibling module (baidu-vector-db / baidu_embedding_bce_v3) or supply a vetted implementation; the skill appends absolute /root paths to sys.path which may not exist in your environment. 3) Be cautious about the scripts that reference /root paths and suggest renaming other modules to disable memory-lancedb — those instructions modify other system components and could break other extensions; back up anything you might change. 4) Avoid pasting secrets into shell history or committing them to ~/.bashrc; prefer a secrets manager or restricted-permission files. 5) Test in an isolated environment (container or VM) first to observe filesystem interactions and network calls, and consider reviewing the entire codebase for any hard-coded paths or logging of secrets. If you want to proceed but lack the expertise, ask the maintainer to: declare required env vars in metadata, remove/parameterize absolute /root paths, and remove instructions that modify other extensions.

Like a lobster shell, security has layers — review code before you run it.

latestvk971yscv7ka2c404xye00410xs80gmnq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments