ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Harbor — Curated and shared Memory for AI Agents

v0.4.11

Persistent cross-session memory, credential isolation, and schema learning for your OpenClaw agent. Stores data locally at ~/.harbor/ (memory, encrypted keyc...

0· 128·0 current·0 all-time
byJiaxi@zx13719
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (persistent memory, credential isolation) match what the skill requires: a 'harbor' binary, access to ~/.harbor/, and OS keychain. Declared network endpoints (harbor-cloud.*) align with the described optional cloud sync feature.
Instruction Scope
SKILL.md instructs the agent to register Harbor as an MCP tool and to route API calls and memory operations through it. That scope is appropriate for a memory/credential proxy, but be aware that responses fetched via harbor are processed by Harbor's memory/schema pipeline and may be persisted locally and (if you enable sync) uploaded as summarized/encrypted data. The skill does not instruct reading unrelated system files or asking for unrelated env vars.
Install Mechanism
Install is a 'go install' of github.com/oseaitic/harbor@latest which builds from upstream source (auditable). This is reasonable for an open-source tool, but @latest causes the installer to fetch whatever is current at install-time (not pinned); building from remote source requires network access and a Go toolchain.
Credentials
No environment variables or unrelated credentials are requested. Access to the filesystem (~/.harbor/) and OS keychain is necessary and proportionate for storing memory and encrypted credentials. The design implies Harbor will hold (encrypted) secrets on behalf of the agent — that is the whole point, but it means you must trust Harbor's encryption/key-handling implementation.
Persistence & Privilege
always:false (not force-included). The skill writes to its own config path (~/.harbor/) and uses the OS keychain — privileges are consistent with its purpose. Autonomous invocation by the model is allowed (default), which is normal; nothing indicates the skill modifies other skills or system-wide agent settings.
Assessment
This skill appears to be what it claims: a local-first memory and credential manager that optionally syncs encrypted data to a hosted service. Before installing: (1) verify the GitHub repository and signed tags the README references; (2) consider pinning the install to a specific released tag instead of @latest to avoid unexpected changes; (3) understand that API responses routed through Harbor may be stored in ~/.harbor/ and, if you opt into cloud sync, summarized/encrypted data will be uploaded — enable cloud sync only if you trust the remote service; (4) review how the fallback file-based keychain is seeded (passphrase vs local keyfile) so you understand the security of on-disk ciphertext. If you cannot or will not audit the upstream code, treat Harbor as a high-trust component because it will hold your API credentials (encrypted) and persistent memories.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dtypdpn1m8njvz5d3fpqzt9837c8d

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Clawdis
OSmacOS · Linux
Binsharbor

Install

Go
Bins: harbor

Comments