Relic
Security checks across malware telemetry and agentic risk
Overview
Relic appears to do what it says: it creates a local self-model memory, with the main risk being persistent capture of personal conversation-derived observations if its optional hook is enabled.
Relic looks purpose-aligned and local-first. Before installing, decide whether you want a persistent self-model vault, and only enable the relic-capture hook if passive conversation capture is acceptable. Review the vault contents and exported prompts regularly, avoid storing secrets, and prefer the documented auto_capture.py hook path over the hardcoded relic_extractor.py helper.
VirusTotal
67/67 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the hook is enabled, personal statements from conversations may be retained locally and reused in future self-model exports.
The optional hook can turn conversation content into persistent local memory. This matches the skill's purpose and is disclosed, but saved observations may later influence the user's self-model and exported prompts.
reads transcript data from hook context ... extracts likely durable user signals ... appends observations to the configured relic vault
Enable passive capture only if you want this persistent memory behavior. Periodically inspect inbox.ndjson, self-model.md, and exports before reusing or sharing them.
After enabling the hook, Relic may update its local memory at the end of future sessions without an explicit capture command each time.
The package includes a persistent event hook that continues to run at session end once enabled. This is clearly described as optional and purpose-aligned, so it is a notice rather than a concern.
Relic includes a bundled optional hook named `relic-capture`. It fires on `agent:stop`
Only enable relic-capture if you want passive capture. Disable the hook when you want conversations not to affect the Relic vault.
Enabling the hook allows the installed package code to run automatically at session stop.
The hook invokes a fixed local Python script to process transcript data. This is expected for the documented hook workflow and uses execFileSync without shell interpolation, but it is still local code execution.
execFileSync('python3', [SCRIPT_PATH], { input: JSON.stringify({ transcript }), encoding: 'utf-8', timeout: 30000, cwd: VAULT_PATH
Review the installed hook files before enabling them, and keep RELIC_VAULT_PATH pointed at a directory you control.
If someone manually runs this helper, it may skip capture or write to an unexpected local path instead of the configured vault.
This included helper uses a developer-specific absolute vault path instead of the documented RELIC_VAULT_PATH contract. It is not the documented OpenClaw handler path, and it appears local-only, but it is a portability/provenance issue.
VAULT = Path('/Users/yexiaodong/.openclaw/workspace/projects/relic/vault')
Use the documented hooks/auto_capture.py flow. The maintainer should remove this stale helper or update it to use RELIC_VAULT_PATH.
