ClawHub
Back to skill
v1.0.0

Memory Curator

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:27 AM.

Analysis

Memory Curator is a local memory-digest tool, but its helper script builds read/write paths from an unvalidated date argument, so malformed input could access or overwrite files outside the intended digest area.

GuidanceReview this skill before installing. It appears purpose-aligned and local-only, with no evidence of network exfiltration, but the script should be tightened to accept only real YYYY-MM-DD dates and to avoid overwriting unintended paths. If you use the suggested cron workflow, make sure generated memory summaries are reviewed before they are committed or reused.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityMediumConfidenceHighStatusConcern
scripts/generate-digest.sh
DATE="${1:-$(date -u +%Y-%m-%d)}"
LOG_FILE="$MEMORY_DIR/$DATE.md"
DIGEST_FILE="$MEMORY_DIR/digests/$DATE-digest.md"
...
cat > "$DIGEST_FILE" << EOF

The first script argument is inserted directly into both input and output file paths, and the output file is overwritten, without validating that the value is actually a date or rejecting path separators.

User impactIf the agent or user supplies a malformed date-like value, the script may read from or write to locations outside the intended memory digest folder.
RecommendationValidate the argument against a strict YYYY-MM-DD pattern and reject values containing slashes, dots used for traversal, newlines, or other path-control characters before building file paths.
Rogue Agents
SeverityLowConfidenceHighStatusNote
SKILL.md
Set up end-of-day cron to auto-generate skeletons:
...
Task: Run generate-digest.sh, fill Summary/Learnings/Tomorrow, commit

The artifact suggests optional scheduled automation that would keep generating and committing memory artifacts after setup.

User impactIf enabled, the cron workflow could make daily persistent changes to memory files without a fresh manual command each time.
RecommendationOnly enable scheduled automation intentionally, and consider requiring human review before committing generated or filled-in memory files.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
SKILL.md
memory/
├── INDEX.md
├── digests/
├── topics/
└── daily/
...
Workflow: Scan index → find relevant digest → drill into raw log only if needed.

The skill is designed to create persistent memory digests and indexes that future agent sessions may read and rely on.

User impactGenerated digests may preserve sensitive names, activities, open questions, or misleading information from logs and influence future agent behavior.
RecommendationReview generated digests before relying on them as memory, avoid including secrets, and keep the memory directory private.