Nm Memory Palace Review Chamber

Pass

Audited by ClawScan on May 9, 2026.

Overview

This instruction-only skill appears aligned with its purpose, but it persistently stores PR-review knowledge and may rely on GitHub/PR-review permissions, so users should check storage and token scope.

Before installing, decide whether automatic capture is acceptable for your repositories, verify where memory-palace data is stored and who can read it, set retention/sanitization expectations for security or incident details, and keep any GitHub/PR-review credentials narrowly scoped.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

PR-review findings may be added to the project memory palace automatically, influencing future searches and review context.

Why it was flagged

The workflow can automatically create persistent review entries and update palace connections after a PR review. This is disclosed and matches the skill purpose, but it is still a state-changing automatic action.

Skill content

1. **Automatically**: After `sanctum:pr-review` completes Phase 6 ... H[Create ReviewEntry] ... I[Add to project palace] ... J[Update connections]

Recommendation

Use automatic capture only if desired, and review generated entries or configure related tooling to require confirmation for sensitive projects.

What this means

If used with broad GitHub or repository credentials, related PR-review workflows could act with more account authority than necessary.

Why it was flagged

The capability signals indicate that related operations may involve OAuth or sensitive credentials. This is plausible for PR/GitHub review integration, but the registry metadata does not declare a primary credential.

Skill content

requires-oauth-token; requires-sensitive-credentials

Recommendation

Use least-privilege tokens or OAuth scopes limited to the needed repositories and PR-review actions, and verify which related Night Market configs provide credentials.

What this means

Sensitive review discussions or security lessons could persist in project memory and be resurfaced in future tasks.

Why it was flagged

The skill intentionally retains some PR-review knowledge permanently, including potentially sensitive security, data-loss, and incident information.

Skill content

| 80-100 | **Evergreen**: Capture immediately, permanent retention | ... ## Mandatory Capture - Security vulnerabilities with fix - Data loss scenarios - Production incident learnings

Recommendation

Confirm where palace memory, indexes, embeddings, and caches are stored; restrict access; and avoid capturing secrets or sensitive incident details unless retention is intended.