ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Memora - Personal Knowledge Base (RAG)

v1.1.0

Memora — A self-hosted RAG (Retrieval-Augmented Generation) personal knowledge base. Built with FastAPI + Qdrant + DashScope/OpenAI Embedding + DeepSeek/Open...

1· 85·0 current·0 all-time
byProbieren@zzlzzlzzl15
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (personal RAG knowledge base) aligns with the provided artifacts. The only required environment variable is KB_API_BASE (the backend URL) which is appropriate for a client that makes HTTP calls to a Memora backend. The included Python client (scripts/kb_api.py) performs search, upload, create, list, and detail operations that match the described features.
Instruction Scope
Runtime instructions tell the agent to run the included Python client with commands like upload/create/search. The client reads a file path when performing uploads and sends the file contents to KB_API_BASE: this is expected behavior for a document ingest feature, but it means the agent (or user prompts) can cause arbitrary local files to be read and transmitted to the configured backend. Ensure uploads are limited to intended files and that KB_API_BASE points to a trusted service.
Install Mechanism
There is no install spec (instruction-only skill) and only a small stdlib-only Python script is included. Nothing is downloaded at install time and no external packages are required by the client, which keeps install risk low.
Credentials
The skill only requires KB_API_BASE. This is proportional to a client that must know where the Memora backend lives. No unrelated secrets, tokens, or config paths are requested.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and does not require system-wide configuration changes. It can be invoked autonomously (platform default), which is expected for skills of this type.
Assessment
This skill appears coherent and matches its description, but be mindful of two practical risks: (1) Uploads will read the local file path you provide and POST its contents to the server at KB_API_BASE — do not upload sensitive files unless you absolutely trust that backend. (2) KB_API_BASE can be any URL; if you set it to a remote/untrusted endpoint, the service will receive your queries, documents, and returned context. Prefer running the Memora backend locally (KB_API_BASE=http://127.0.0.1:8080) or on a trusted host, review the backend's source (SKILL.md links a GitHub repo) before connecting to unknown endpoints, and avoid giving the skill any credentials or backend URL that you wouldn't trust with your documents.

Like a lobster shell, security has layers — review code before you run it.

aivk97c0p9qj336c4rq4bfa6947xn83ss99fastapivk97c0p9qj336c4rq4bfa6947xn83ss99knowledge-basevk97c0p9qj336c4rq4bfa6947xn83ss99latestvk97c0p9qj336c4rq4bfa6947xn83ss99memoravk97c0p9qj336c4rq4bfa6947xn83ss99qdrantvk97c0p9qj336c4rq4bfa6947xn83ss99ragvk97c0p9qj336c4rq4bfa6947xn83ss99semantic-searchvk97c0p9qj336c4rq4bfa6947xn83ss99

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvKB_API_BASE

Comments