Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Memorist Agent
v0.1.0Memorist Agent — helps you capture your parents' and family members' life stories through adaptive interviews via WhatsApp, WeChat, or direct conversation. O...
⭐ 0· 165·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill is an oral-history / interview agent and the declared capabilities (local storage under ~/.openclaw, WhatsApp/relay modes, optional STT via mlx-whisper / openai-whisper) line up with its stated purpose. Allowed tools (file_read, file_write, whatsapp_send_message, fetch, web_search) are plausible for interviewing, transcript lookup, and optional media/API calls.
Instruction Scope
The SKILL.md instructs the agent to read/write narrator data under ~/.openclaw/memorist_agent/, copy template files, spawn isolated narrator agents, and add peer-level bindings to ~/.openclaw/openclaw.json. Those actions are within the skill's domain but expand scope to system-level config (bindings) and creating independent agents. Also: the instructions explicitly create a narrator agent system prompt (AGENTS.md) and instruct it to operate silently (save first, then reply). That is expected for 'spawn' behavior but is a higher-privilege operation and worth human review. The SKILL.md also contains an instruction to reply even if a save failed (retry once, then reply anyway) which could cause data-not-saved situations — this is an operational oddity to be aware of.
Install Mechanism
Install steps are limited to installing local STT tools: pip3 install mlx-whisper (Apple Silicon) and a Homebrew formula openai-whisper. These are standard package distribution mechanisms (pip/homebrew) rather than arbitrary downloads. No remote archive/extract URLs or unknown servers were requested.
Credentials
The skill declares no required environment variables, no external API keys, and no unexpected credential requests. The permissions it needs (filesystem access under ~/.openclaw and the ability to call Openclaw gateway commands or gateway bindings) are proportionate to its functionality. There are no unrelated secrets or credential asks in the metadata.
Persistence & Privilege
The skill instructs creating persistent, per-narrator agents and adding peer-level bindings to the user's global openclaw.json, which routes inbound messages directly to those spawned agents. That gives the spawned agents autonomous, persistent access to inbound messaging for the bound peer. While this matches the described auto-reply use-case, it is a relatively powerful and persistent change to your Openclaw configuration — examine the templates and produced agent workspace (AGENTS.md, owner.json, bootstraps) before spawning. Combine this with the included system-prompt content (see scan findings) and the overall blast radius is higher than a purely instruction-only skill.
Scan Findings in Context
[system-prompt-override] expected: The SKILL.md includes explicit instructions to write an AGENTS.md that becomes the narrator-agent's system prompt (this is expected for spawning per-narrator agents). However, this is exactly the pattern flagged by the scanner: skill-written system prompts can override/define agent behavior and must be reviewed carefully. The content contains explicit behavioral constraints that will be embedded into spawned agents (e.g., 'NEVER expose internal thinking', 'do it silently with tools'). That is legitimate for user privacy but also a potential prompt-injection vector if templates are maliciously altered.
What to consider before installing
This skill appears coherent with a local-first memoir tool, but it requests the installer create persistent per-narrator agents and to modify your Openclaw bindings and agent list. Before installing or running /memorist_agent spawn: 1) Inspect the template files (templates/memorist/*) and AGENTS.md that will be copied into the narrator workspace — this becomes the system prompt for the spawned agent. 2) Backup ~/.openclaw/openclaw.json and review any binding entries the skill proposes to add so you know which phone numbers/peers will be routed to new agents. 3) If you plan to enable voice transcription, confirm the pip/homebrew package names (mlx-whisper, openai-whisper) are the tools you want and install them manually if you prefer. 4) Be aware that spawned agents will run autonomously for their bound peer; only spawn agents for phone numbers/people you control. 5) If you are uncomfortable with automatic creation of agents or modifications to openclaw.json, use 'relay' or manual interview modes instead (no spawn needed). If you want a safer test, install in a disposable or backup environment first or run the skill without executing spawn/despawn steps.references/spawn-despawn.md:52
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.Like a lobster shell, security has layers — review code before you run it.
latestvk97b5y4399tj9p8jw0w4y8sbq582skbe
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📖 Clawdis
OSmacOS · Linux · Windows
Install
Install OpenAI Whisper via Homebrew (Intel Mac / Linux fallback)
Bins: whisper
brew install openai-whisper