Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Workbuddy Add Memory
v3.0.1 adds smarter memory management to WorkBuddy: automatic knowledge distillation → intelligent retrieval → recall before starting work
by @zcg007
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Verdict: Suspicious (high confidence)
Purpose & Capability
The code and files align with a memory-management skill: task detection, memory retrieval, distillation and a start_work entrypoint. However SKILL.md claims 'standard-library-only' and 'no external dependencies', while other files (INSTALLATION_AND_TEST.md, requirements.txt and several modules) reference and import third-party packages (yaml, toml, scikit-learn, numpy, pandas, etc.). That mismatch suggests the README/metadata understates runtime requirements.
Instruction Scope
SKILL.md describes running scripts like start_work.py, distill_memory.py and retrieve_memory.py and claims file operations are restricted to a configuration directory. The code (config_loader.default_config and memory loader usage) shows the skill will read user home paths (~/.workbuddy/unified_memory, ~/.workbuddy/skills, ~/.workbuddy/global_summaries, ~/.workbuddy/learnings) and write outputs/caches under ~/.workbuddy/preparation_output and cache dirs. Tests spawn subprocesses (subprocess.run) and scripts write JSON/MD reports. These are coherent with the feature set but contradict the SKILL.md's narrow 'only config directory' claim and 'no external network/commands' assertion (see install/test scripts and subprocess usage).
Install Mechanism
Registry shows no install spec (instruction-only), but the repo contains requirements.txt, an install_and_test.sh, and INSTALLATION_AND_TEST.md that documents pip installs (using mirrors) and third-party libs. That means installation will likely install external packages — contrary to SKILL.md's 'standard-library-only' and 'no external dependencies' statements. Because there's no formal install descriptor in the registry, the install process depends on those scripts and the user, increasing risk if you assume 'no install'.
Credentials
The registry lists no required env vars or credentials (good), and the code doesn't request cloud credentials. However there are inconsistencies: SKILL.md documents environment variables named MEMORY_DISTILLATION_ROOT and MEMORY_DISTILLATION_CONFIG, whereas config_loader looks for environment variables prefixed with WORKBUDDY_MEMORY_ (e.g. WORKBUDDY_MEMORY_MAX_RESULTS). This mismatch means the SKILL.md and code disagree on how to configure the skill. Also the default memory_sources point to multiple locations under the user's home directory (~/.workbuddy/...), so the skill will read many user files — this is proportional to the declared purpose but users should be aware it will access home-directory data.
Persistence & Privilege
The skill does not request 'always: true' and does not require special system privileges. It writes config, caches and output under ~/.workbuddy (per docs and code) and may save config files in a config/ subdirectory. That level of persistence is consistent with a local memory-management tool, but you should expect it to create and modify files in your home directory (~/.workbuddy/...).
What to consider before installing
What to check before installing or running this skill:
1) Dependency and install mismatch: SKILL.md claims 'standard-library-only' and 'no external dependencies', but the repository includes requirements.txt and INSTALLATION_AND_TEST.md listing scikit-learn, numpy, pandas, yaml, toml, etc. Inspect requirements.txt and install_and_test.sh before running; prefer installing in an isolated environment (virtualenv or container).
2) Env var name mismatch: SKILL.md documents MEMORY_DISTILLATION_ROOT and MEMORY_DISTILLATION_CONFIG, but config_loader reads WORKBUDDY_MEMORY_* environment variables. Confirm which env vars the installed version actually uses, and set them only after reviewing config_loader.get_memory_sources() behavior.
3) File access: The skill will read and write files under your home (~/.workbuddy/*), including ~/.workbuddy/unified_memory, ~/.workbuddy/skills and preparation_output. If you have sensitive data under those paths, back them up or test in a sandbox copy first.
4) Network and external commands: The SKILL.md asserts 'no network' and 'no system commands', but documentation and install scripts indicate pip installs and tests use subprocesses. Search the code for network-capable modules (requests, urllib, socket) and for subprocess/exec usage (start_work and test scripts invoke subprocesses). If you need an offline guarantee, run static searches or run in an air-gapped environment.
5) Source provenance: Source/homepage is unknown and author is an alias (zcg007). The repository contains many autogenerated test/reports claiming a security audit — do not treat those as a substitute for your own review. Prefer skills from known/trusted publishers or verify the code yourself.
6) Recommended safe steps:
- Clone and inspect start_work.py, distill_memory.py, install_and_test.sh and requirements.txt before executing.
- Run the code in a disposable container or VM, not on a production machine.
- Grep the code for 'requests', 'socket', 'urllib', 'subprocess', 'open(' with absolute paths, and any hardcoded endpoints or IP addresses.
- If you proceed, run in a virtualenv and monitor file writes to ~/.workbuddy and network activity.
If you want, I can (A) list the third-party packages from requirements.txt, (B) search the codebase for network or suspicious calls, or (C) highlight the exact lines where env var names and memory source defaults are set.
Tags: ai-agent, latest, memory, workbuddy
