Skill v1.0.0

ClawScan security

memos-memory-guide · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 16, 2026, 3:25 PM
Verdict
Benign
Confidence
medium
Model
gpt-5-mini
Summary
This instruction-only skill is internally consistent: it explains how to use the MemOS local memory tools and only calls the memory/skill management APIs it describes, but because the package has no provenance and it enables public-writing and skill-publishing behaviors you should review privacy and sharing before enabling it.
Guidance
This skill is coherent with its stated purpose, but take simple safety steps before enabling it:
1) Confirm the agent's permissions for installing/publishing skills and writing to public memory; require human approval for publish/install actions if possible.
2) Never write secrets, passwords, private tokens, or sensitive personal data into public memory; treat memory_write_public as a high-leverage operation.
3) Review any task_summary output before sharing or using it elsewhere (it may include file paths, commands, or URLs).
4) Note the skill has unknown provenance (no source/homepage); if you require stronger assurance, ask for a published source or repository before trusting it in production.

Review Dimensions

Purpose & Capability
ok: The name/description claim to provide guidance for using MemOS local memory and the SKILL.md only references memory and skill-management tools (memory_search, memory_get, memory_write_public, task_summary, skill_get/search/install/publish/unpublish, etc.). All required capabilities map to the stated purpose.
Instruction Scope
note: The instructions stay within the memory/skill domain and do not request unrelated files, binaries, or environment variables. However, the guide explicitly advises writing to public memory and using task_summary (which can return URLs, file paths, commands, error codes). That is expected for a memory/skill guide but is a privacy surface — avoid writing or promoting storage of private or secret data in public memory.
Install Mechanism
ok: No install spec and no code files — instruction-only skill. There is no download or installation risk from this package itself.
Credentials
ok: The skill requests no environment variables, credentials, or config paths. The guidance references only the provided memory/skill tools; there are no unrelated credential requests.
Persistence & Privilege
note: The skill explains use of APIs that can install/publish skills and write public memory. The skill itself is not marked always:true. The combination of autonomous agent invocation (platform default) plus the ability to publish skills or write public memory increases blast radius if the agent is allowed to run without guardrails — consider limiting automatic publishing/writing or adding approval steps.