memory-lancedb-pro

https://clawhub.ai/api/v1/skills/memory-lancedb-pro-skill-main/file?path=SKILL.md&version=1.0.0

github.com/clawhub.ai/memory-lancedb-pro-skill-main

Scanned Thu, 28 May 2026 16:20:55 GMT

Scan ID crawl-gbrrcc4wma3g5ruz7q4rpa7u · 6ms

SCORE 0 / 100

Verdict: Do not install

11 critical findings.

This skill exfiltrates environment secrets (${OPENAI_API_KEY}) plus 11 other issues listed below.

11 critical0 high1 medium0 rules passed

Why grade F?

score · 0 / 100

The current grade reflects 11 critical findings (any 2+ CRITs → F).

11 CRIT0 HIGH1 MED0 LOW

To reach a higher grade

D
Reach Dtarget score 30
Resolve 10 of your 11 CRIT findings — any single CRIT still keeps you at D.
C
Reach Ctarget score 55
Resolve all 11 CRIT findings.
B
Reach Btarget score 75
Resolve all 11 CRIT.
A
Reach Atarget score 95
Resolve all 11 CRIT.

Thresholds are documented at /docs/grading. Source-of-truth is the grade() function in @skillox/scanner.

Findings · ordered by severity

crit

Skill references secret env var ${OPENAI_API_KEY}

The skill instructions reference `${OPENAI_API_KEY}`, which contains a credential. If an attacker can lure the agent into including this in an outbound URL or message, the credential leaks.

rule: env-var-harvestingline: 175CWE-200

▾

173 "extractMaxChars": 8000,

174 "llm": {

175 "apiKey": "${OPENAI_API_KEY}",← references ${OPENAI_API_KEY} — potential credential leak

176 "model": "gpt-4o-mini",

177 "baseURL": "https://api.openai.com/v1"

crit

Skill references secret env var ${OPENAI_API_KEY}

The skill instructions reference `${OPENAI_API_KEY}`, which contains a credential. If an attacker can lure the agent into including this in an outbound URL or message, the credential leaks.

rule: env-var-harvestingline: 216CWE-200

▾

214 "extractMaxChars": 8000,

215 "llm": {

216 "apiKey": "${OPENAI_API_KEY}",← references ${OPENAI_API_KEY} — potential credential leak

217 "model": "gpt-4o-mini",

218 "baseURL": "https://api.openai.com/v1"

crit

Skill references secret env var ${OPENAI_API_KEY}

The skill instructions reference `${OPENAI_API_KEY}`, which contains a credential. If an attacker can lure the agent into including this in an outbound URL or message, the credential leaks.

rule: env-var-harvestingline: 242CWE-200

▾

240{

241 "embedding": {

242 "apiKey": "${OPENAI_API_KEY}",← references ${OPENAI_API_KEY} — potential credential leak

243 "model": "text-embedding-3-small",

244 "baseURL": "https://api.openai.com/v1"

crit

Skill references secret env var ${OPENAI_API_KEY}

The skill instructions reference `${OPENAI_API_KEY}`, which contains a credential. If an attacker can lure the agent into including this in an outbound URL or message, the credential leaks.

rule: env-var-harvestingline: 253CWE-200

▾

251 "extractMaxChars": 8000,

252 "llm": {

253 "apiKey": "${OPENAI_API_KEY}",← references ${OPENAI_API_KEY} — potential credential leak

254 "model": "gpt-4o-mini",

255 "baseURL": "https://api.openai.com/v1"

crit

Skill references secret env var ${OPENAI_API_KEY}

The skill instructions reference `${OPENAI_API_KEY}`, which contains a credential. If an attacker can lure the agent into including this in an outbound URL or message, the credential leaks.

rule: env-var-harvestingline: 694CWE-200

▾

6921. **Gateway restart required after any change**: After installing, enabling, disabling, updating, or changing config in `openclaw.json`, you MUST run `openclaw gateway restart` — changes are NOT hot-reloaded.

6932. **Workspace plugins are DISABLED by default**: After git clone, you MUST add `plugins.allow: ["memory-lancedb-pro"]` AND `plugins.entries.memory-lancedb-pro.enabled: true` — without these the plugin silently does not load.

6943. **Env vars in gateway process**: `${OPENAI_API_KEY}` requires env vars set in the *OpenClaw Gateway service* process—not just your shell.← references ${OPENAI_API_KEY} — potential credential leak

6954. **Absolute vs. relative paths**: For existing deployments, always use absolute paths in `plugins.load.paths`.

6965. **`baseURL` not `baseUrl`**: The embedding (and llm) config field is `baseURL` (capital URL), NOT `baseUrl`. Using the wrong casing causes a schema validation error: "must NOT have additional properties". Also note the required `/v1` suffix: `http://localhost:11434/v1`, not `http://localhost:11434`. Do not confuse with `agents.defaults.memorySearch.remote.baseUrl` which uses a different casing.

crit

Skill references secret env var ${OPENAI_API_KEY}

The skill instructions reference `${OPENAI_API_KEY}`, which contains a credential. If an attacker can lure the agent into including this in an outbound URL or message, the credential leaks.

rule: env-var-harvestingline: 750CWE-200

▾

748| `memory-lancedb-pro: plugin not found` / plugin silently not loading | `plugins.allow` missing (git-clone install) or `enabled: false` | Add `plugins.allow: ["memory-lancedb-pro"]` and set `enabled: true`, then restart |

749| `Unknown plugin id` validation error | Plugin referenced in `entries`/`slots` before it's discoverable | Install/register the plugin first, then add config references |

750| `${OPENAI_API_KEY}` not expanding / auth errors despite env var set | Env var not set in the **gateway process** environment | Set the env var in the service that runs OpenClaw gateway, not just your shell |← references ${OPENAI_API_KEY} — potential credential leak

751| Hooks (`before_agent_start`, `agent_end`) not firing | Gateway not restarted after install/config change | Run `openclaw gateway restart` |

752| Embedding errors with Ollama | Wrong `baseURL` format | Must be `http://localhost:11434/v1` (with `/v1`), field must be `baseURL` not `baseUrl` |

crit

Skill references secret env var ${OPENAI_API_KEY}

The skill instructions reference `${OPENAI_API_KEY}`, which contains a credential. If an attacker can lure the agent into including this in an outbound URL or message, the credential leaks.

rule: env-var-harvestingline: 766CWE-200

▾

764 "embedding": {

765 "provider": "openai-compatible",

766 "apiKey": "${OPENAI_API_KEY}",← references ${OPENAI_API_KEY} — potential credential leak

767 "model": "text-embedding-3-small"

768 },

crit

Skill references secret env var ${OPENAI_API_KEY}

The skill instructions reference `${OPENAI_API_KEY}`, which contains a credential. If an attacker can lure the agent into including this in an outbound URL or message, the credential leaks.

rule: env-var-harvestingline: 803CWE-200

▾

801 "enableManagementTools": false,

802 "llm": {

803 "apiKey": "${OPENAI_API_KEY}",← references ${OPENAI_API_KEY} — potential credential leak

804 "model": "gpt-4o-mini",

805 "baseURL": "https://api.openai.com/v1"

crit

Skill references secret env var ${OPENAI_API_KEY}

The skill instructions reference `${OPENAI_API_KEY}`, which contains a credential. If an attacker can lure the agent into including this in an outbound URL or message, the credential leaks.

rule: env-var-harvestingline: 855CWE-200

▾

853 "smartExtraction": true,

854 "llm": {

855 "apiKey": "${OPENAI_API_KEY}",← references ${OPENAI_API_KEY} — potential credential leak

856 "model": "gpt-4o-mini",

857 "baseURL": "https://api.openai.com/v1"

crit

Skill references secret env var ${OPENAI_API_KEY}

The skill instructions reference `${OPENAI_API_KEY}`, which contains a credential. If an attacker can lure the agent into including this in an outbound URL or message, the credential leaks.

rule: env-var-harvestingline: 1177CWE-200

▾

1175 "extractMaxChars": 8000,

1176 "llm": {

1177 "apiKey": "${OPENAI_API_KEY}",← references ${OPENAI_API_KEY} — potential credential leak

1178 "model": "gpt-4o-mini"

1179 }

crit

Skill references secret env var ${OPENAI_API_KEY}

The skill instructions reference `${OPENAI_API_KEY}`, which contains a credential. If an attacker can lure the agent into including this in an outbound URL or message, the credential leaks.

rule: env-var-harvestingline: 1186CWE-200

▾

1184```json

1185{

1186 "embedding": { "apiKey": "${OPENAI_API_KEY}", "model": "text-embedding-3-small" },← references ${OPENAI_API_KEY} — potential credential leak

1187 "smartExtraction": true

1188}

med

No capability manifest declared

The skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.

rule: no-manifest

▾

Scan another →Share

skillox.io/r/crawl-gbrrcc4wma3g5ruz7q4rpa7u