Skill v2.0.1
ClawScan security
Openclaw Memories · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 25, 2026, 1:07 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to implement the described memory components and only needs LLM API keys for the Observer, but the registry metadata does not declare those environment variables and there are a few small mismatches you should understand before installing.
- Guidance: This package implements a local meta-learning optimizer and local file indexer plus an Observer that calls third-party LLM APIs. Before installing: (1) be aware the Observer will send conversation text to external LLM endpoints: only provide API keys you trust and scope them appropriately; (2) the registry metadata does not declare the required env vars (OPENAI_API_KEY / ANTHROPIC_API_KEY or passing apiKey), so the platform may not prompt you to supply them: you must supply a key in config or env; (3) the indexer reads Markdown files from whatever workspace path you give it, so point it only at directories you intend it to index; (4) if you need Gemini support, confirm how you will supply the Google key (the SKILL.md omits a named env var); (5) consider testing in a sandboxed environment first and review the upstream GitHub repo (author/email present) for additional context. These are coherence/visibility issues rather than evidence of malicious behavior, but they matter for secure operation.
Review Dimensions
- Purpose & Capability (note): The code implements ALMA (local), Indexer (local file indexing), and Observer (remote LLM calls) which matches the skill name/description. However the registry metadata lists no required env vars/credentials while the SKILL.md and the observer code clearly require an LLM API key (OpenAI/Anthropic/Google GEMINI key passed as apiKey). This metadata mismatch is unexpected and should be corrected by the publisher.
- Instruction Scope (ok): Runtime instructions and SKILL.md confine network calls to LLM provider APIs (OpenAI, Anthropic, Gemini) and file reads to workspace Markdown files. The Observer sends conversation text to third-party LLM endpoints (expected behavior). The SKILL.md documents limitations (in-memory DB, simplified ranking) which align with the code.
- Install Mechanism (ok): There is no install spec in the registry (instruction-only), and the README suggests installing/publishing via npm or cloning the GitHub repo. No unusual download URLs, extract steps, or native binaries are present; package.json lists no runtime dependencies. Low install risk from this package itself.
- Credentials (concern): Observer requires an LLM API key (the code checks process.env.OPENAI_API_KEY or process.env.ANTHROPIC_API_KEY or accepts apiKey in config). The registry metadata nevertheless lists no required env vars, so the skill will operate only if keys are provided but a user or system might not be warned. Also SKILL.md mentions Gemini but does not name a specific environment variable for the Google API key; the code expects the caller to pass apiKey or embed it in the URL. Requiring an LLM key is proportional to the Observer feature, but the metadata omission is a coherence/visibility problem and could lead to inadvertent exposure of keys if misconfigured.
- Persistence & Privilege (ok): The skill is not force-included (always: false), does not request system-level privileges, and does not modify other skills or global configuration. It reads files from the workspace only when the indexer is invoked with a workspace path supplied by the caller.
