Skillv1.0.38

ClawScan security

mem9.ai · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 5, 2026, 1:01 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is an instruction-only onboarding/uninstall helper for the mem9 OpenClaw plugin; its requested actions (installing @mem9/mem9, editing specific openclaw.json keys, capturing or provisioning an API key) match its stated purpose and do not ask for unrelated credentials or system-wide changes.
Guidance: This skill appears coherent with its purpose: it will guide installing @mem9/mem9, edit only mem9-specific keys in openclaw.json, and either accept a pasted MEM9_API_KEY or auto-provision one. Before installing, verify you trust the mem9 upstream (the SKILL.md points to https://github.com/mem9-ai/mem9 and https://mem9.ai/openclaw-memory). Note that the API key will be written into your openclaw.json config — ensure you are comfortable storing that key there. The setup flow may temporarily use an npm mirror (one-shot NPM_CONFIG_REGISTRY override) only as a fallback; it will not change your global npm config without your explicit request. If you are concerned about autonomous invocation, consider disabling model invocation for the skill or requiring manual invocation; otherwise the skill still requires an explicit approval phrase before making install/uninstall changes. Finally, be aware that if you use the create-new path from a remotely loaded SKILL.md that contains utm_* parameters, those utm_* pairs may be copied into provisioning params (limited attribution data).

Review Dimensions

Purpose & Capability: okThe skill's name and description (mem9 persistent cloud memory plugin onboarding) align with the instructions: installing the @mem9/mem9 package, editing mem9-specific openclaw.json keys, and performing restart/verification flows. The declared primary credential (MEM9_API_KEY) is expected for a cloud memory integration. No unrelated binaries or credentials are requested.
Instruction Scope: okRuntime instructions are narrowly scoped to setup, reconnect, troubleshooting, and uninstall flows. They explicitly limit edits to specific openclaw.json keys, require a dry-run preview and single explicit approval, avoid uploading local history, and prohibit arbitrary web probes or global npm registry changes unless explicitly requested. The instructions do involve reading/writing openclaw.json and using the openclaw CLI and npm view checks — all consistent with the stated purpose.
Install Mechanism: okThis is an instruction-only skill with no install spec or code files. The prescribed install actions call the host's npm/openclaw tooling (openclaw plugins install) and use registry-aware npm view checks. There are no external downloads or archives referenced. Risk is limited to using the system's package manager and CLI as intended.
Credentials: okOnly the mem9 API key is needed (primaryEnv MEM9_API_KEY). No unrelated secrets or environment variables are required. The flow documents how the API key is captured (user-provided or auto-provisioned) and that it will be written to the plugin config keys — this is proportionate to enabling a cloud memory plugin. One minor privacy note: in create-new flows, utm_* query params from a remotely-loaded SKILL.md URL may be copied into provisionQueryParams for attribution; this is limited but should be understood by the user.
Persistence & Privilege: okThe skill is not marked always:true and does not request persistent system modification beyond writing mem9-specific openclaw.json keys and installing the plugin via the package manager. It requires user approval before making changes and documents restart behavior. Autonomous invocation is permitted (platform default) but the skill's flow enforces explicit approvals for install/uninstall actions.