Skillv4.0.0

ClawScan security

Memory Complete · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewApr 13, 2026, 2:04 AM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The package largely matches a 'complete memory' system, but some included features (OSINT/attack-chain storage, multi‑platform integration, security-scan hooks) and omitted file contents create gaps that could enable unexpected network or data access — review the remaining scripts before trusting it.
Guidance: This package appears to implement a comprehensive local memory system and most visible code is consistent with that purpose. However: 1) Several files were truncated/omitted from the review; inspect the remaining scripts (especially ollama_embedding.py, tom_engine.py, retrieval_strategies.py, and the verify scripts) for any HTTP calls, remote endpoints, or code that transmits stored data. 2) Check whether the Ollama integration or any other module makes network requests to non-local hosts (the default ollama URL is localhost:11434, which is fine, but confirm no hard-coded external endpoints). 3) The project advertises multi-platform connectors and OSINT/security features but declares no credentials — only enable or supply tokens after verifying where and how they are used. 4) Run the init/verify scripts in a sandbox or non-production environment first, and review the verify scripts' behavior (they may perform checks that contact external services). If you want, provide the omitted files and I can re-evaluate those network/IO behaviors specifically.

Review Dimensions

Purpose & Capability: noteThe name/description match the code you can see: SQLite-backed memory tables, retrieval strategies, emotional analysis, Theory-of-Mind, and a MemPalace API are implemented and justified. However the README/SKILL.md advertise multi-platform connectors (Feishu/Telegram/Discord), internet acquisition (Agent-Reach), and security/OSINT features while the package declares no required credentials. The presence of tables named security_scans, vulnerability_findings, osint_intel, and attack_chains is plausible for a memory/security research tool but also expands the threat surface relative to a simple local memory system.
Instruction Scope: noteRuntime instructions are limited to creating a memory/database directory and running the provided init/verify Python scripts, which is appropriate. The SKILL.md and code reference optional integrations (Ollama embedding, Agent-Reach, multi-platform inputs, security scanning) but do not provide explicit instructions or required env vars for connecting to external services; that ambiguity grants the skill broad discretion if later configured and is worth auditing. No instructions explicitly read unrelated system paths or request secrets in the visible files.
Install Mechanism: okThere is no external download/install mechanism; files are local Python scripts and a package.json listing standard dependencies (numpy, requests, sqlite3). No archives or remote installers are used, which reduces install-time risk.
Credentials: noteThe manifest declares no required environment variables or credentials, which is good. However the feature set claims external platform integrations (Feishu/Telegram/Discord), Ollama embedding, and OSINT/security scanning; these typically require tokens or network access. The package.json includes 'requests' (network library) and omitted source files could initiate HTTP calls. The lack of declared env vars combined with advertised external integrations is a mismatch — either the integrations are disabled by default (ok) or the code will attempt network calls when configured (requires review).
Persistence & Privilege: okThe skill does not require always:true and does not request system-wide changes in the visible code. Its actions are limited to creating/initializing a database under memory/database and running its own scripts. There is no evidence it modifies other skills or global agent configuration.