Memento

Advisory: audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.env_credential_access

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Past conversations may become persistent context for future agent responses, including across sessions and agents depending on visibility settings.

Why it was flagged

The plugin persistently stores conversation-derived memory and reuses it in future prompts, which is expected for this skill but can influence later agent behavior if incorrect or sensitive facts are captured.

Skill content
Captures every conversation turn... auto-recalls relevant knowledge before each AI turn
Recommendation

Review the stored memory, disable autoCapture or autoRecall if unwanted, and periodically delete or correct facts that should not affect future work.

What this means

If a cloud provider is configured, conversation text used for extraction may leave the local machine.

Why it was flagged

The skill clearly discloses that enabling extraction can transmit conversation text to a configured model provider; this is purpose-aligned but sensitive.

Skill content
When `autoExtract` is enabled, conversation segments are sent to your configured LLM provider for fact extraction.
Recommendation

Use a local Ollama model for fully local operation, or only enable extraction with a provider whose data handling you trust.

What this means

Configured provider credentials may be used to run extraction or query-planning calls.

Why it was flagged

The plugin may use provider API keys or OpenClaw routing credentials for LLM extraction. This is expected for provider integration, but users should know which credentials are available to the skill.

Skill content
optionalEnv: ... ANTHROPIC_API_KEY ... OPENAI_API_KEY ... MISTRAL_API_KEY ... CLAUDE_CODE_OAUTH_TOKEN
Recommendation

Prefer scoped provider keys, avoid enabling unused providers, and verify that extraction is disabled when cloud use is not desired.

Note (Medium Confidence)
ASI10: Rogue Agents
What this means

Memory consolidation or relation-building could run in the background and alter stored facts or graph relationships.

Why it was flagged

The documentation describes scheduled/background memory maintenance. It appears purpose-aligned, but it means the plugin may continue processing stored memory outside an active conversation if scheduled.

Skill content
Deep Sleep    │   cron (3 AM) ──► deepConsolidate ──► decay + merge + refresh
Recommendation

Check whether any cron or scheduler integration is enabled, and disable scheduled consolidation if you only want manual memory processing.

Findings (1)

critical

suspicious.env_credential_access

Location
src/extraction/extractor.ts:168
Finding
Environment variable access combined with network send.