ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw Memory OS

v0.1.21

OpenClaw Memory-OS - Digital immortality service with conversation recording infrastructure (Phase 1) | 数字永生服务对话记录基础设施(第一阶段)

0· 497·0 current·0 all-time
byJustin Liu@zhenstaff
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The stated purpose (local conversation-memory storage) reasonably requires a CLI/runtime (Node/npm) and local storage under ~/.memory-os. However the registry metadata above lists no required binaries while SKILL.md explicitly requires Node.js >=18 and npm and a global npm install; this mismatch is incoherent and should be clarified.
!
Instruction Scope
SKILL.md instructs installing an external npm package and running a CLI that can scan arbitrary filesystem paths and create ~/.memory-os/. That capability is consistent with the skill's goal but the documentation contains conflicting claims about privacy protections: SKILL.md claims confirmation prompts, privacy filter, and path protection in v0.3.0, while the included readme documents older behavior (v0.2.2) where auto-trigger saved immediately and the privacy filter was not integrated. If you install the package version that lacks these safeguards, the CLI could collect sensitive files. The skill also includes keywords for auto-triggering saves — enabling that autonomously would broaden its access to the user's conversation/content.
Install Mechanism
There is no embedded code in the skill bundle; SKILL.md directs a global npm install (npmjs.com). Installing an npm package globally is a common delivery method but executes third-party code and modifies system PATH (moderate risk). The install guidance even explicitly warns about code execution and recommends inspecting the package first, which is good practice.
Credentials
The skill does not request environment variables, credentials, or config paths beyond suggesting it will create and use ~/.memory-os/. No extraneous secrets are requested in the metadata. That is proportionate to a local-memory tool, but because the CLI can scan user directories, filesystem access is the primary sensitive capability.
Persistence & Privilege
always:false and no special platform privileges are requested. The only persistent effect is installing a global CLI binary and creating ~/.memory-os/. This is expected for a CLI tool, but combined with autonomous invocation (platform default) and the ability to enable AUTO-TRIGGER, it could lead to repeated/automatic collection if the installed package implements that feature without safeguards.
Scan Findings in Context
[none_detected] expected: No regex-based findings because the skill bundle contains only documentation and no code files. Absence of findings is not proof of safety — the SKILL.md instructs installing an external npm package which was not analyzed here.
What to consider before installing
Do not install blindly. Because this skill only provides instructions to install an external npm package (which will execute third-party code and can scan your filesystem), audit the package before installing: use npm pack to inspect its contents, check package.json for postinstall scripts and the exact published version, review the repository at the verified commit referenced in the SKILL.md (confirm which commit is authoritative), and run the CLI in an isolated VM or container with network disabled first. Never enable AUTO-TRIGGER or run broad collection commands (e.g., collect --source ~/) until you confirm the installed version actually implements the path protections, confirmation prompts, and privacy filter it claims. If you lack the ability to fully audit, prefer not to install globally; instead run in a throwaway VM or avoid enabling autonomous agent invocation.

Like a lobster shell, security has layers — review code before you run it.

agent-memoryvk973pk4jfpx6tfhwzcmgjvft2h82efn3ai-memoryvk973pk4jfpx6tfhwzcmgjvft2h82efn3cognitive-continuityvk973pk4jfpx6tfhwzcmgjvft2h82efn3digital-immortalityvk973pk4jfpx6tfhwzcmgjvft2h82efn3knowledge-managementvk973pk4jfpx6tfhwzcmgjvft2h82efn3latestvk97dt99n68cqrm52ec0ybdnwdn83x7jzmemoryvk973pk4jfpx6tfhwzcmgjvft2h82efn3openclawvk973pk4jfpx6tfhwzcmgjvft2h82efn3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments