Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Clawhub Memory Engine

v5.0.2

MemGPT-style persistent memory with passive auto-capture — your agent remembers everything automatically. 20 tools + 2 hooks. Five-layer architecture: core i...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (MemGPT-style persistent memory) aligns with the tools and hooks listed (archival, graph, episodes, reflection). However the SKILL.md also mentions 'agent instruction patching', 'legacy data migration', 'maintenance crons', and interactive setup — capabilities that go beyond simple memory storage and should be justified (why patch agent instructions? what legacy sources will be accessed?).
! Instruction Scope
The instructions tell an operator/agent to install an external plugin and run a home-directory setup script (~/.openclaw/extensions/memory-engine/setup.sh) and restart the gateway. Runtime behavior promises passive capture of 'every message' and automated migrations/cron jobs. That implies broad read/write access to conversations and possible modification of agent configuration; the SKILL.md does not enumerate safeguards, data destinations, or exact migration sources.
Install Mechanism
There is no bundled code in this skill; instead the SKILL.md instructs installation of @icex-labs/openclaw-memory-engine via the OpenClaw plugin system (npm/GitHub links provided). Downloading and running a setup.sh from the installed extension is a moderate risk pattern — npm/GitHub are usual release hosts, but the setup script will be executed locally and could modify agent/runtime state.
! Credentials
The skill requests no explicit environment variables or credentials, but its passive capture behavior means it will collect all conversation content (potentially highly sensitive). It also promises legacy data migration and agent patching without disclosing data sources or access controls. The lack of declared storage/back-end or access control details makes the requested level of data access disproportionate to what is documented.
! Persistence & Privilege
Although not set to always:true, SKILL.md describes installing maintenance crons, self-healing backfills, and agent instruction patching — persistent behaviors that change runtime and could run autonomously. Those privileges should be clearly documented and limited; the skill does not describe what periodic tasks do or how they are authorized.
What to consider before installing
This skill is plausible for a memory system, but it instructs you to install an external plugin and run a setup script that will: capture every message, perform migrations, patch agent instructions, and install background jobs. Before installing, (1) review the plugin's source code and the exact setup.sh script on the linked GitHub/npm package; (2) confirm where memories are stored (local vs remote), encryption at rest/transit, retention and deletion controls, and who can access them; (3) test in an isolated environment or staging agent first; (4) ask the author to document exactly what 'agent instruction patching' and migration steps modify; and (5) if you handle sensitive data, prefer explicit consent, scoped capture, and auditable access controls or decline installation until these questions are answered.

Like a lobster shell, security has layers — review code before you run it.

latest vk97fh8ebwa6jeytrdd2xf0x7h1842zwx
