Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Minimal Memory

v1.0.0

Maintain organized agent memory by tagging entries as GOOD, BAD, or NEUTRAL, storing essentials in MEMORY.md and daily logs for efficient search and cleanup.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the delivered artifacts: scripts and SKILL.md implement a local memory system (daily logs, MEMORY.md, search, archive, cleanup). No unrelated binaries, services, or credentials are required.
Instruction Scope
SKILL.md instructs use of the included scripts and explains workflow. The scripts only read/write files under a workspace/memory directory and the workspace root; they do not call external services. Note: SKILL.md examples reference the skill script path (~/.openclaw/skills/minimal-memory/scripts/...), while the scripts themselves operate on MEMORY_DIR/WORKSPACE (defaults to $HOME/.openclaw/workspace), which is a minor path mismatch but functionally coherent.
Install Mechanism
No install spec; this is effectively an instruction+script bundle. Nothing is downloaded at install time, and no archive extraction or external package installs are present.
Credentials
The skill declares no required environment variables or credentials. The scripts do honor optional env vars (MEMORY_DIR and WORKSPACE) to override defaults; this is reasonable for configurability but means a user or another process could point the scripts at arbitrary directories—so avoid setting those env vars to sensitive system locations.
Persistence & Privilege
The skill sets always:false and makes no attempt to modify other skills or global agent configuration. Script behavior is limited to the skill's own workspace area (by default) and does not request permanent system-wide presence or escalate privileges.
Assessment
This skill appears to do exactly what it says: manage local memory files. Before installing or running:
(1) review and back up any existing $HOME/.openclaw/workspace and MEMORY.md to avoid accidental moves;
(2) do not set MEMORY_DIR or WORKSPACE to sensitive system paths (e.g., /root, ~/.ssh, system config dirs) because the scripts will move or archive files based on those values;
(3) archive.sh will move files older than 30 days (if they contain only NEUTRAL entries) into an archive subdirectory; run it manually first to confirm expected behavior;
(4) there is no network or credential usage in the scripts, so network exfiltration is not evident, but you should still inspect any modifications you plan to make to the scripts or env vars.
Overall the skill is internally coherent and low risk when used as intended.

Like a lobster shell, security has layers — review code before you run it.
