Back to skill
Skillv1.0.0
ClawScan security
上下文管理 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 13, 2026, 7:50 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent: it implements a local, file-based agent memory system and includes a Python script to distill daily notes into a MEMORY.md file; it requests no credentials, has no install step, and contains no network exfiltration or unrelated behavior.
- Guidance
- This skill appears to do what it says: manage agent context via local markdown files and a small Python distillation script. Before installing or enabling it, (1) review your existing workspace so the script won't process files containing secrets or API keys; (2) run the script with --dry-run first to see what it would extract; (3) avoid storing credentials or sensitive tokens in TOOLS.md, MEMORY.md, or daily memory files; (4) if you enable the suggested cron job, ensure logs and file permissions are restricted to your user; and (5) you can inspect the included scripts (memory_distill.py) — it performs only local read/write and parsing, with no network calls. If you want stronger safety, run the skill in a sandboxed workspace that contains only non-sensitive data.
Review Dimensions
- Purpose & Capability
- okThe name/description (agent context & memory management) matches the provided files and script. The included memory_distill.py and the SKILL.md's instructions directly implement the described five-layer file system and automated distillation; nothing requested (no env vars, no external binaries) is out of scope.
- Instruction Scope
- noteThe runtime instructions tell the agent to read and write workspace files (SOUL.md, USER.md, AGENTS.md, TOOLS.md, MEMORY.md, memory/*.md) and optionally schedule the distillation script via cron. This is coherent with the purpose but the agent will be reading/writing local files (including TOOLS.md which may describe machine-specific config). Users should avoid putting secrets or sensitive credentials in these text files because the skill will process their contents.
- Install Mechanism
- okNo install spec is provided (instruction-only plus a small Python script). This is the lowest-risk install model. The script is included in the package and runs locally; there are no downloads from remote URLs or package installs.
- Credentials
- noteThe skill requests no environment variables or credentials, which is proportionate. However SKILL.md and TOOLS.md may instruct users to record machine-specific settings and service connection info in plaintext files; that practice could lead to sensitive data being stored in memory files. The script also writes distill-state.json and MEMORY.md in the workspace—ensure those files don't contain secrets and set appropriate filesystem permissions.
- Persistence & Privilege
- okalways:false and normal invocation; the skill only writes/reads files within the user's workspace and optionally suggests a cron job. It does not modify other skills' configs or request elevated platform-wide privileges.