Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims to be a lightweight, local memory-management tool and the provided core file (memory_secretary_lite.py) implements filesystem-only analysis functions which align with the description. However, the package/manifest is inconsistent: src/__init__.py imports modules (smart_adaptive, daily_check, pilot_check) that are not present in the file list; README/SKILL.md mention config/ and scripts/ directories and additional source files that are missing; tests expect many scripts under a scripts/ folder that are not included. These gaps suggest an incomplete or mismatched package rather than a clean, single-purpose component.
Instruction Scope
SKILL.md instructs only read-only analysis of 'memory/' and explicitly states it will not modify memory files, but the implementation creates a secretary_data_dir under memory/ and writes files (reports, JSON, SQLite DB filenames are referenced), which is a modification of the workspace. There's also a mismatch in paths: install instructions say to unzip into ~/.openclaw/skills/ but the code defaults workspace_root to '/home/admin/openclaw/workspace'—if the wrong workspace is used the skill may attempt to read or write unexpected filesystem locations. The runtime instructions are otherwise local-only (no network endpoints), but the file-write behavior contradicts the 'read-only' claim.
Install Mechanism
No install spec is provided (manual unzip / copy as described), so nothing arbitrary is downloaded at install time. The risk surface comes from the provided Python code itself rather than an external installer. That reduces supply-chain risk, but you should still inspect the included source files before running.
Credentials
The skill declares no required environment variables or credentials and the visible code uses only local filesystem and standard-library modules (sqlite3, hashlib, difflib, etc.), which is proportionate to its stated purpose. One caution: the hard-coded default workspace path (/home/admin/openclaw/workspace) may cause the skill to operate against unexpected directories if a user does not explicitly set workspace_root.
Persistence & Privilege
The skill does not request always:true and allows normal autonomous invocation. It will create its own data under memory/secretary and will create/modify local DB and JSON files inside the workspace — persistent data but limited to its workspace scope. This is expected for a tool that stores reports/indices, but it contradicts the SKILL.md claim '不会修改我的记忆文件' (won't modify my memory files) and warrants user attention.
What to consider before installing
This package looks like a local memory-analysis tool, but there are several red flags you should resolve before installing or running it:
- Missing files: src/__init__.py imports modules (smart_adaptive, daily_check, pilot_check) that are not present in the manifest, and tests reference many scripts and a memory/ directory that are not packaged. Ask the author for the full package or a corrected manifest.
- Read vs write mismatch: SKILL.md says it won't modify memory files, yet the code creates a secretary data directory and writes JSON/SQLite files inside memory/. If you want read-only analysis, insist the author document exactly what files are created and where.
- Workspace paths: the default workspace_root is /home/admin/openclaw/workspace; explicitly pass a workspace_root you control when constructing MemorySecretaryLite to avoid accidental reads/writes outside your intended area.
- Safety steps before running: (1) Inspect all src/*.py for network calls or subprocess.exec usage (none were obvious in the truncated code, but check the full files). (2) Run the package in an isolated environment (container or VM) and with a backup of your real memory/ directory. (3) Prefer running with a temporary test workspace that contains representative memory/ files. (4) Run the provided tests locally and review failures — many tests expect files that are missing, which could indicate incomplete packaging or hidden runtime assumptions.
If the author can supply the missing modules and explain the on-disk writes (and update SKILL.md to accurately reflect them), the package would be more coherent; until then treat it as incomplete and proceed with caution.Like a lobster shell, security has layers — review code before you run it.
latestvk97dzz2skppd88vgbt71ypzasx84v22w
License
MIT-0
Free to use, modify, and redistribute. No attribution required.