Skill v1.1.8

ClawScan security

Huahua Dream · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 5, 2026, 6:55 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's files, scripts, and runtime instructions are consistent with its stated purpose of reading and maintaining local AI memory files and performing periodic 'dream' / reflection cycles; it does not request unrelated credentials or perform network installs.
Guidance
This skill appears coherent and implements the documented safeguards (backups, two-stage delete, change thresholds). Before installing: (1) Be aware that it will read your session logs and memory files (MEMORY.md, SOUL.md, memory/), so any sensitive data in those files will be processed by the agent; consider sanitizing or isolating sensitive content. (2) During setup the tool asks to auto-approve automatic runs — if you want review control, decline auto-approve so changes are proposed (MEMORY.md.proposed) rather than applied automatically. (3) The SKILL.md mentions sending reports but doesn't specify transport; verify where the agent will post notifications in your environment. (4) Run initial tests in an isolated workspace or with a copy of your memory files to confirm behavior before enabling a cron job.

Review Dimensions

Purpose & Capability
ok: The name/description (nightly memory organization/self-reflection) match the provided scripts and SKILL.md: setup.js detects workspace and writes dream-config.json; dream.js performs gate checks, session counting, and lock/timestamp writes. No unrelated environment variables, binaries, or external services are required.
Instruction Scope
note: SKILL.md instructs the agent to read and write MEMORY.md, SOUL.md, memory/ and session logs (under .openclaw/agents). This is appropriate for the stated purpose, but the agent is given semantic discretion to scan session files and generate summaries — which means sensitive conversation content will be processed. The skill documents safeguards (backups, two-stage deletion, >50% proposed file flow) but does not detail how 'notifications' or completion reports are delivered.
Install Mechanism
ok: No install spec; scripts are included and are invoked by the user/agent. Nothing is downloaded from external URLs and no archives are extracted. Low install risk.
Credentials
ok: The skill requires no environment variables or external credentials. Its file reads (workspace files and agent session directories) are proportional to its goal of aggregating/curating local memory and counting sessions.
Persistence & Privilege
ok: always is false and the skill does not request elevated system privileges. It writes its own config to assets/dream-config.json and manages a .dream-lock inside the memory area — behavior consistent with its purpose. It does not modify other skills' configurations.