Skill v1.1.1

ClawScan security

Mema Brain · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 16, 2026, 6:35 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's code, instructions, and required environment variables are consistent with a local SQLite index plus an ephemeral Redis-backed short-term buffer; nothing in the package appears to deviate from that stated purpose.
Guidance
This skill appears to do what it says: maintain a local SQLite metadata index and use a Redis namespace for ephemeral state. Before installing, confirm you trust the Redis endpoint you will configure: pointing REDIS_HOST at a remote or untrusted server exposes your short-term context to whoever controls that Redis instance (SKILL.md warns about this). Note: the DB path is hard-coded to ~/.openclaw/memory/main.sqlite (env.example suggests DB_PATH, but the script does not use it). The package only requires the redis Python library; review the small scripts/mema.py file yourself if you want full assurance. If you need encrypted or authenticated Redis, modify the script to support REDIS_PASSWORD, or run a local, secured Redis instance.

Review Dimensions

Purpose & Capability
Status: ok
Name and description match the artifacts: the package contains a Python script that manages a local SQLite metadata index and reads REDIS_HOST/REDIS_PORT to operate an ephemeral Redis namespace. Required binaries and the single dependency (redis library) are proportionate to the described functionality.
Instruction Scope
Status: note
Runtime instructions and the script stay within the stated domain (initializing a local DB, recording file paths/tags, and setting/getting/clearing Redis keys). One minor inconsistency: env.example.txt mentions DB_PATH, but the script ignores DB_PATH and uses a hard-coded ~/.openclaw/memory/main.sqlite. Also, SKILL.md correctly warns to point REDIS_HOST only at trusted instances, but its claim that 'All data is stored locally' only holds if Redis is local or trusted.
Install Mechanism
Status: ok
No remote downloads or opaque installers. SKILL.md recommends running 'pip install -r requirements.txt', which only installs the redis PyPI package, an expected, low-risk dependency.
Credentials
Status: ok
Only REDIS_HOST and REDIS_PORT are required. No unrelated credentials, secrets, or config paths are requested. Note: the script does not accept a Redis password or auth token (there is no REDIS_PASSWORD), so it expects either an unauthenticated or an otherwise-trusted Redis endpoint.
Persistence & Privilege
Status: ok
The skill does not request elevated privileges and is not permanently forced on (always:false). It writes its own data to ~/.openclaw/memory and does not modify other skills or system-wide settings.