ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Memory Keeper

Copy and snapshot all important agent context (MEMORY.md, memory/*.md, AGENTS.md, SOUL.md, etc.) into a dedicated archive directory or repo. Use this skill when you want to back up your memories, context, or configuration files in preparation for maintenance, corruption recovery, or transferring to another host.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 1.8k · 5 current installs · 6 all-time installs
by@CrimsonDevil333333
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The code and SKILL.md match the stated purpose: copying memory/*.md and specific top-level docs into a target archive and optionally committing/pushing to git. Minor incoherence: the skill metadata lists no required binaries, but the implementation uses the 'git' CLI via subprocess when commit/push options are used; the README and references mention git but the metadata should declare git as a dependency.
Instruction Scope
Runtime instructions and the script stay within the stated backup/snapshot purpose. The script appends a log entry into memory/YYYY-MM-DD.md (explicitly documented), preserves directory structure, and supports copying extra globs via --allow-extra. Those extra-glob and --remote/--push options are useful for the feature but allow the user to include arbitrary files (including secrets) and to push archives to any remote URL — expected for a backup tool but worth caution.
Install Mechanism
No install spec (instruction-only skill with included Python script and tests). Nothing is downloaded or extracted during install; code is bundled in the skill. This is low install risk.
Credentials
No environment variables or credentials are declared or required by metadata. The script may require git credentials when pushing to a remote; SKILL.md/README explain token/SSH usage. Because the skill can be pointed at an arbitrary remote and supports embedding tokens in URLs (per the docs), users should avoid providing sensitive credentials to unknown remotes and be cautious with --allow-extra globs that could include secrets. The metadata could be clearer about the optional need for git and credential configuration.
Persistence & Privilege
always:false and user-invocable:true — the skill does not request permanent inclusion or elevated privileges. It does modify workspace memory logs (it intentionally writes a log entry) and writes into the target archive directory, which is expected behavior for a backup tool. It does not modify other skills' configs or system-wide settings.
Assessment
This skill appears to do exactly what it claims: back up your agent memory files and optionally commit/push them to a git repo. Before installing or running it: (1) ensure you have git installed if you plan to use --commit/--push; (2) set the --target to a local path you control and review the archive after a dry run to confirm only intended files were copied; (3) be careful with --allow-extra — it can include any file/glob from your workspace (avoid adding secrets, keys, or tokens); (4) when using --remote/--push, only push to repositories you control — embedding credentials in remote URLs or pushing to unknown remotes can exfiltrate data; (5) note the tool appends a timestamped entry to memory/YYYY-MM-DD.md (it modifies your workspace logs) — if you want a read-only snapshot, inspect the code or run it against a copied workspace first. If you want higher assurance, review the bundled scripts (memory_sync.py) and run the unit tests locally.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.1
Download zip
latestvk976w8ah3jk4mvehtb5t66xnhh80j1yk

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Memory Keeper

Memory Keeper is a simple CLI that copies the critical OpenClaw context files (daily memory logs, DESCRIPTION.md, personality documents, heartbeat reminders) into a safe archive destination and optionally commits/pushes them to a configured git repo. It keeps the same file layout so you can restore or inspect the history without grabbing the whole workspace.

Features

  • Snapshots: Copies memory/*.md, MEMORY.md, AGENTS.md, SOUL.md, USER.md, TOOLS.md, HEARTBEAT.md, and optional extras into the archive path while preserving directory structure.
  • Git-friendly: If the target archive is a git repo, Memory Keeper can initialize it, create commits, and push changes to your remote branch (configurable via CLI flags).
  • Portable: Works on any platform; just point --workspace to a workspace root containing those files.

Get started

python3 skills/memory-keeper/scripts/memory_sync.py --target ~/clawdy-memories --commit --message "Sync up" --remote https://github.com/your-org/clawdy-memories.git --push

See references/usage.md for configuration tips, automation recipes, and a troubleshooting guide.

Resources

Files

5 total
Select a file
Select a file to preview.

Comments

Loading comments…