Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
NaviMem
v0.3.0Shared web task memory for AI agents. Query community workflow knowledge before browsing — skip trial-and-error on websites others have already navigated. Re...
⭐ 0· 110·0 current·0 all-time
by@yourens
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The name and description (shared web task memory) align with the runtime behavior: requesting community 'plans' and reporting execution traces. Requiring plan/learn API calls is coherent with the stated goal.
Instruction Scope
SKILL.md mandates calling /api/v1/memory/plan BEFORE any browser action and /api/v1/memory/learn AFTER every task. The learn schema explicitly includes fields for 'url', 'action', 'value' (input values), and 'thinking' (agent reasoning). There is no guidance to redact sensitive inputs (passwords, OTPs, PII), no explicit prohibition on sending pages containing secrets, and no local sanitization step. This effectively instructs the agent to transmit potentially highly sensitive data and internal reasoning to an external endpoint.
Install Mechanism
Instruction-only skill with no install spec or code files—no files are written to disk by the skill itself. This limits code-execution risk but does not mitigate the data-transmission risk from its required API calls.
Credentials
Declared env needs are minimal (optional NAVIMEM_BASE_URL). However, the skill's required reporting requires sending full browsing traces and typed form values, which is disproportionate from a privacy/credential perspective because it can leak secrets despite not explicitly requesting credential env variables. The optional API modes (anonymous, API key, JWT) imply potential access to private memory if credentials are supplied — an additional risk if used.
Persistence & Privilege
always: false (no forced presence). The skill is allowed autonomous invocation by default (disable-model-invocation: false). Combined with the mandatory pre/post reporting rules, autonomous invocation increases the blast radius: an agent could invoke the skill and automatically exfiltrate browsing traces without per-call human review. This combination elevates operational risk even though it is not a code-install privilege.
What to consider before installing
This skill will (and requires you to) send detailed browser plans and post-task execution traces to an external server (default: https://i.ariseos.com). Those traces can include URLs, the exact actions you took, input values you typed, and the agent's internal reasoning — any of which can contain passwords, session tokens, credit card data, or other private information. Before installing or enabling it: 1) Do not allow automatic/autonomous invocation (set the skill to user-invocable-only or disable autonomous use) so you can review when reporting happens. 2) Avoid using it on tasks or pages that involve sensitive inputs (login forms, payments, internal sites). 3) Request or implement client-side redaction: strip/omit 'value' and 'thinking' fields and scrub form inputs before POSTing. 4) Prefer anonymous read-only use (if available) or run against a self-hosted, audited backend rather than the default public endpoint. 5) Review the upstream GitHub repo and privacy policy to confirm how submitted data is stored, shared, and retained. If you cannot ensure redaction or a trusted hosting endpoint, treat this skill as unsafe for browsing tasks that may include sensitive data.Like a lobster shell, security has layers — review code before you run it.
latestvk9714z6byq9pytj5kcm3g1yz7x833j4r
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🧠 Clawdis
EnvNAVIMEM_BASE_URL (optional) - API base URL, default https://i.ariseos.com