Skill v1.0.0
ClawScan security
Supermemory Free · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 15, 2026, 12:23 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill does what it claims (store/search to api.supermemory.ai) but contains metadata inconsistencies about required credentials and an auto-capture cron that scans session memory and uploads extracted lines. The heuristics try to avoid secrets but could still leak sensitive data if the skill is installed without careful review.
- Guidance: This skill implements the advertised cloud backup/search behavior, but take care before installing or enabling auto-capture:
  1. Confirm and set SUPERMEMORY_OPENCLAW_API_KEY in the intended .env. The registry view omitted it, which is an inconsistency.
  2. Review your memory/ logs (memory/YYYY-MM-DD.md) for secrets, credentials, full tokens, or paths you do not want uploaded; the script's heuristics may miss them.
  3. Run the auto-capture dry-run (--dry-run) first to see what would be uploaded.
  4. If you do not want persistent uploads, do not run install_cron.sh, or inspect and modify the cron command to remove 'source .env' or restrict its scope.
  5. If you do install the cron, monitor the created log file and the .capture_state.json dedup file, and consider restricting their file permissions.
  6. Prefer manual store/search usage if you cannot guarantee that session memory is free of sensitive data.
  If you want a cleaner metadata view, ask the publisher to correct the registry metadata to list the required env var(s).
Review Dimensions
- Purpose & Capability
- concern: The code and SKILL.md clearly require SUPERMEMORY_OPENCLAW_API_KEY and POST to https://api.supermemory.ai (store/search), which aligns with the described purpose. However, the registry summary at the top of this report lists "Required env vars: none" while _meta.json, SKILL.md and the CLI code declare SUPERMEMORY_OPENCLAW_API_KEY as required. This metadata mismatch could mislead users about which secrets the skill needs.
- Instruction Scope
- concern: auto_capture.py scans local session memory files in WORKSPACE/memory (e.g., memory/YYYY-MM-DD.md), extracts candidate 'high-value' lines, and uploads them. SKILL.md and the code instruct the user to install a cron job that runs daily and sources .env. There are skip patterns to avoid storing obvious passwords and tokens, but the heuristics are fallible, and the code will happily upload paths, config lines, error traces, API endpoints and similar content. Sensitive information present in memory logs could therefore be uploaded unintentionally.
- Install Mechanism
- ok: There is no remote install or download; the skill is instructions plus scripts. The provided install_cron.sh modifies the user's crontab to run the auto-capture daily and creates log files, which is expected behavior for an auto-capture feature. No external archives or unknown URLs are fetched during install.
- Credentials
- concern: The only secret the code needs is SUPERMEMORY_OPENCLAW_API_KEY, which is proportionate to the stated function. However, the code searches for .env in multiple directories (workspace paths, relative skill paths, and the home directory), which increases the chance it will pick up keys from unexpected locations. The registry metadata shown to users also omitted the required env var, a misleading inconsistency.
- Persistence & Privilege
- note: The skill does not request always:true and is not force-installed, but the optional install_cron.sh creates a persistent cron job (daily at 02:00 UTC) that runs autonomously and uploads content when present. With the cron installed, the skill has persistent periodic network access to upload extracted lines.
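The Instruction Scope finding and guidance steps 2 and 3 turn on the same point: keyword skip patterns miss secrets that do not announce themselves. The script below is an added example written for this page, not code from the Supermemory skill or from auto_capture.py. It runs a stricter, structure-based pass over constructed sample lines in the memory/YYYY-MM-DD.md style and reports what a keyword-only filter would have let through, which is the kind of local dry-run a reviewer would want before enabling the cron. The NAIVE_SKIP pattern is an assumed stand-in for the skill's skip patterns (their actual list is not shown on this page); the sample lines, the key-format detectors and the entropy threshold are likewise assumptions.

```python
"""Pre-capture audit for memory/*.md lines (added example; not the Supermemory skill's code)."""
import math
import re
from collections import Counter
from pathlib import Path

# Constructed sample lines in the memory/YYYY-MM-DD.md style; none are real credentials.
SAMPLE_LINES = [
    "Decided to use supermemory for cross-session recall.",
    "password: hunter2  # a keyword filter catches this one",
    "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE",
    "curl -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.e30.abc123def456ghi789' https://api.example.test/v1",
    "git remote add origin https://deploy:s3cr3tpa55@git.example.test/org/repo.git",
    "Traceback: requests.exceptions.HTTPError: 401 for url https://api.supermemory.ai/v3/documents",
    "Prefer /home/alice/projects/internal-tool/config.yaml for overrides",
    "Saved refresh cookie for sm_session = mK3pQ9xR2vL7nT4wZ8bC5dF6gH1jY0sA",
    "-----BEGIN OPENSSH PRIVATE KEY-----",
]

# Assumed stand-in for a keyword-only skip list; the skill's real patterns are not on the page.
NAIVE_SKIP = re.compile(r"password|passwd|secret|token|api[_-]?key", re.IGNORECASE)

# Structure-based detectors: well-known key prefixes and credential-carrying syntax.
STRICT_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "bearer_header": re.compile(r"Authorization:\s*Bearer\s+\S+", re.IGNORECASE),
    "url_userinfo": re.compile(r"[a-z][a-z0-9+.-]*://[^/\s:]+:[^/\s@]+@"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}

# Base64-alphabet runs of 24+ chars with entropy >= 4.5 bits/char look like random secrets.
# Both numbers are assumptions chosen so ordinary paths and module names stay below the bar.
ENTROPY_TOKEN = re.compile(r"[A-Za-z0-9+/=]{24,}")
ENTROPY_THRESHOLD = 4.5


def shannon_entropy(s: str) -> float:
    """Bits per character of the string's byte distribution."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def classify(line: str) -> list[str]:
    """Return the names of every strict detector that fires on the line."""
    hits = [name for name, rx in STRICT_PATTERNS.items() if rx.search(line)]
    if any(shannon_entropy(t) >= ENTROPY_THRESHOLD for t in ENTROPY_TOKEN.findall(line)):
        hits.append("high_entropy")
    return hits


def audit_lines(lines):
    """Lines a keyword-only filter would upload but the strict detectors flag: (line, reasons)."""
    leaks = []
    for line in lines:
        if NAIVE_SKIP.search(line):
            continue  # the keyword filter already drops these
        reasons = classify(line)
        if reasons:
            leaks.append((line, reasons))
    return leaks


def audit_memory_dir(memory_dir):
    """Run the audit over every memory/*.md file as a local dry-run before enabling auto-capture."""
    report = {}
    for path in sorted(Path(memory_dir).glob("*.md")):
        found = audit_lines(path.read_text(encoding="utf-8").splitlines())
        if found:
            report[path.name] = found
    return report


if __name__ == "__main__":
    for line, reasons in audit_lines(SAMPLE_LINES):
        print(f"{', '.join(reasons):<18} {line}")
```

Of the nine constructed lines, the keyword filter drops only the `password:` line; the strict pass flags five more (an AWS-style key, a bearer header, a URL with embedded credentials, a random cookie value, and a private-key header) while leaving the plain path and the traceback alone. Run `audit_memory_dir("memory")` from the workspace root to get the same report per file; anything it lists should be scrubbed before install_cron.sh is run.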
