Skill v1.0.9

ClawScan security

Fluid Memory · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 5, 2026, 3:48 PM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's files and runtime instructions are consistent with a local, file-based memory/archive tool using ChromaDB; nothing in the bundle looks purposely malicious, but there are privacy and robustness concerns you should be aware of before installing.
Guidance
This skill appears to do what it says: a local, ChromaDB-backed memory system that logs conversations and applies decay/archive rules. Key things to consider before installing:
1) Privacy: every 'message:sent' event may be appended to ~/.openclaw/workspace/database/conversation_log.txt in plaintext; sensitive data will be stored locally unless you disable the hook or clear the files.
2) Encryption/permissions: if others share the machine, enable disk encryption and restrict file permissions on the workspace directory.
3) Chroma dependency: without chromadb installed, the skill degrades or returns errors for major features; install the declared Python packages or accept limited functionality.
4) Hook behavior: the included hook actively logs messages when enabled; disable the hook if you don't want passive logging.
5) Review/verify code: one of the source files showed a truncation marker in the provided package listing; inspect the full fluid_skill.py before trusting its behavior.
6) Robustness/platform notes: the code uses Windows-style paths in places and has fallbacks for different Chroma APIs; test it in your environment.
If any of these concerns are unacceptable, do not install the skill, or disable the hook and/or delete the local data directory after uninstalling.

Review Dimensions

Purpose & Capability: ok
Name/description (a local 'fluid' memory system) matches what is included: Python scripts, a hook that logs messages, and optional ChromaDB integration. Declared dependencies in SKILL.md (python, chromadb, pyyaml) align with the code. No unrelated cloud credentials or unrelated binaries are requested.
Instruction Scope: note
SKILL.md instructs the agent to call local CLI wrappers (python wrapper.py ...) and to rely on OpenClaw's memory flush. The included hook writes every user message to a local conversation_log.txt; this is within a memory skill's scope but is an important privacy surface: messages are logged in plaintext and persist locally until processed/archived. The SKILL.md states auto_learn=false, but the hook still records all messages to disk awaiting flush; this is functionally consistent but worth highlighting.
Install Mechanism: ok
There is no remote install/download in the spec; the skill is instruction-and-code-only. All code is bundled in the package; no external URLs or extract steps are present. Risk from the install mechanism is low.
Credentials: ok
The skill requests only a Python runtime (declared), and the SKILL.md lists the Python packages chromadb and pyyaml. No environment variables, keys, or unrelated credentials are requested. This matches the stated purpose.
Persistence & Privilege: note
The skill keeps persistent local storage under ~/.openclaw/workspace/database/ and includes a daemon (dream_daemon.py / maintenance.py) that archives and hard-deletes items based on thresholds. always:false and user-invocable:true are appropriate. The hook (if enabled) logs every 'message:sent' event, so the skill can collect/retain conversational content passively on the host; this is expected for a memory skill but increases privacy exposure.