Skill v1.0.4

ClawScan security

Unified Self Improving · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 15, 2026, 6:06 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
This skill is internally consistent with its stated purpose: a local, file-based CLI for managing self-improvement records; it reads/writes under ~/.openclaw/workspace/memory and contains no network exfiltration or unexpected credential requests.
Guidance
This skill appears coherent and implements a local, file-based memory/learning manager. Before installing, review and optionally run the scripts in a sandbox: 1) verify the repository origin (homepage is missing), 2) ensure you have required CLI tools (jq, grep, etc.), 3) note that data is stored under ~/.openclaw/workspace/memory by default (or wherever MEMORY_ROOT points) — back up any important data, and be cautious if you set MEMORY_ROOT to a different path, 4) the namespace delete command uses rm -rf with an interactive prompt — pay attention to the prompt, and 5) if you need network isolation, run the skill in an environment without network access. If you want higher assurance, inspect the listed scripts line-by-line (they are plain shell) or run them with --help and in a disposable directory first.

Review Dimensions

Purpose & Capability
ok · Name/description describe a local self-improvement/memory manager and the included scripts implement exactly that: CLI commands to log/query/move/index/namespace/manage sessions and detect patterns. There are no extraneous credentials, remote endpoints, or unrelated binaries required.
Instruction Scope
ok · SKILL.md and the scripts direct the agent to operate on local files under ~/.openclaw/workspace/memory (index.jsonl, hot/warm/cold JSONL/MD files). The instructions and code only read/write those paths and do not instruct collection or transmission of unrelated system data or secrets.
Install Mechanism
ok · There is no install spec that downloads arbitrary code at install time. The repository includes shell scripts and docs only; those scripts run locally and do not fetch remote artifacts. Risk is low, but the scripts assume standard CLI tools (jq, grep, mv, mktemp, etc.), so ensure required utilities are present and trusted.
Credentials
ok · The skill declares no required environment variables or credentials. The code does honor optional environment overrides MEMORY_ROOT and SKILL_ROOT which can change where data is stored; this is functional but worth noting because an env override could redirect storage to another location if misset.
Persistence & Privilege
ok · always: false and model invocation is allowed (platform default). The skill only writes to its own workspace and memory directories; it does not modify other skills or system-wide agent configs. Namespace deletion prompts for confirmation before rm -rf.