Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
memory-core-plus
v1.0.2
Enhances OpenClaw memory by auto-recalling relevant past data before each turn and auto-capturing key info after each run for persistent context.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, and source code are coherent: the plugin registers memory hooks, performs vector search via the memory search manager, and uses an LLM subagent to extract and persist memories. No unrelated environment variables or binaries are requested.
Instruction Scope
SKILL.md and the code precisely describe pre-turn recall and post-run capture. The capture path delegates writing to a subagent instructed to append to memory/YYYY-MM-DD.md — this gives the plugin (via the platform subagent) the ability to write workspace files, which is expected for a memory provider but worth noting. The SKILL.md includes examples of prompt-injection patterns only as blocked inputs (they are not being injected).
Install Mechanism
There is no remote download/install spec in the manifest; installation is via the OpenClaw plugin mechanism (openclaw plugins install). No arbitrary URLs, archive extraction, or shorteners are used.
Credentials
The skill declares no required environment variables, credentials, or config paths. Its runtime actions (search manager, subagent runs, writing memory files) are consistent with being a memory plugin and do not request unrelated secrets.
Persistence & Privilege
always:false (normal). The plugin registers persistent hooks (autoRecall/autoCapture) and uses a subagent to append to workspace memory files — this is appropriate for a memory provider but means it will persist user conversation content to disk unless configured otherwise.
Scan Findings in Context
[ignore-previous-instructions] expected: This pattern appears in the SKILL.md and safety code as a prompt-injection detection marker (the project filters such phrases before capture). Its presence is defensive, not an instruction to the LLM.
[you-are-now] expected: Used in the plugin's list of injection patterns to detect jailbreak attempts; expected for a memory capture filter.
[system-prompt-override] expected: The SKILL.md and safety.ts reference common jailbreak phrases for detection. These scanner hits align with the plugin's stated safety checks.
Assessment
This plugin appears to do what it says: automatically surface past memories and append extracted facts to workspace memory files. Before installing, consider: (1) persistent storage — autoCapture appends conversation-derived facts to memory/YYYY-MM-DD.md, so private or sensitive data may be persisted; (2) subagent file writes — the plugin delegates extraction and file writes to a subagent (standard for memory providers) so confirm you trust the plugin source; (3) configuration options — you can disable autoCapture or autoRecall if you want manual control; (4) provenance — the package points to a GitHub repo but the registry source is 'unknown' here, so verify the upstream repo and its author if you need stronger assurance. If you are uncomfortable with automatic persistence, set autoCapture:false and/or review the code and repository before enabling.
README.md:162
Prompt-injection style instruction pattern detected.
README.zh-CN.md:162
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.
Like a lobster shell, security has layers — review code before you run it.
