Skillv0.1.2

ClawScan security

BenOS Memory Core · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 17, 2026, 12:16 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is a small, local runtime memory reader for files under ~/.openclaw/workspace/benos/runtime and is internally consistent with its purpose, though its documentation slightly overstates write capabilities.
Guidance: This skill simply reads two files in your home workspace (~/.openclaw/workspace/benos/runtime/state.json and last-session.md) and returns their contents. Before installing, review those files for any sensitive data (API keys, passwords, secrets, or PII) since the skill (and any agent using it) could expose their contents. Note the SKILL.md mentions write capability but the included code does not implement a write API — data changes must be made by editing files directly. The skill has no install script and no external network calls, but it comes from an unknown source with no homepage; prefer packages from trusted authors, and restrict which agents/skills are allowed to invoke this module if those files contain confidential information.

Review Dimensions

Purpose & Capability: noteThe name/description claim a runtime/volatile memory module and the code reads the stated state file and last-session file under ~/.openclaw/workspace/benos/runtime — this matches the declared purpose. Minor mismatch: SKILL.md suggests 'agent-controlled read/write' via index.js, but index.js only implements reading (hydrate) and a no-op run; it does not expose a write API.
Instruction Scope: noteSKILL.md instructs agents to use skill commands for read/write or edit files directly. The runtime instructions and the code are narrowly scoped to reading two files in the user's home workspace. The skill will return file contents from state.json and last-session.md, so the agent could surface any sensitive data stored there. The code does not reference other system paths or external endpoints.
Install Mechanism: okNo install spec is provided (instruction-only skill with a small native entry file). Nothing is downloaded or written during install; only a 953-byte index.js is included. Low install risk.
Credentials: noteThe skill declares no required environment variables or credentials. The code uses process.env.HOME implicitly to locate files (standard and expected) but HOME was not listed in requires.env — this is typical but worth noting. No other credentials, keys, or external services are requested.
Persistence & Privilege: okalways is false and model invocation is allowed (platform default). The skill does not request persistent system-wide privileges or modify other skills' configs. It only reads files within a subdirectory of the user's home.