Skill v1.0.0
ClawScan security
Memory Guard · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 28, 2026, 7:07 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, instructions, and requested resources are consistent with its stated purpose (workspace integrity monitoring); it runs locally, reads/writes workspace files, and does not request external credentials or network access.
- Guidance
- This skill is coherent with its purpose: it runs locally, uses git and sha256 hashes, and logs to a .memory-guard folder. Before installing, note that (1) the tool will write logs and a hashes.json into your workspace and can modify files when you run 'stamp' or 'accept'; (2) 'accept all' will re-register current file states as trusted — only run that after human review; (3) it relies on common tools (python3, sha256sum, git); if you don't have python3 some features will fall back or fail. If you plan to allow autonomous agent invocation, restrict which commands the agent can run (avoid granting it the ability to run 'accept' automatically) or require a human approval step for accept/accept-all actions.
Review Dimensions
- Purpose & Capability
- ok: Name/description match the delivered functionality: a local integrity checker that hashes workspace files, integrates with git, writes logs, stamps provenance, and provides verify/audit/accept/watch commands. There are no unrelated credentials, binaries, or external services required.
- Instruction Scope
- note: SKILL.md limits actions to local verification and recommends running verify before reading memory files — consistent with purpose. The runtime script, however, does modify workspace state: it writes .memory-guard/, log files, can prepend provenance stamps to arbitrary files, and provides an 'accept' command that will update stored hashes (including 'accept all'). These are expected for this tool but are important side effects the operator must approve.
- Install Mechanism
- ok: Instruction-only skill with a bundled Bash script; no install spec, no downloads, and no network fetches. The script uses common system utilities (sha256sum, stat, git, python3) — reasonable for its functionality.
- Credentials
- ok: No required environment variables or credentials are declared. The script optionally honors MEMORY_GUARD_DIR as a directory override (reasonable). It does not attempt to read other env-vars or external secrets.
- Persistence & Privilege
- note: always:false (no forced global presence). The skill writes its own .memory-guard data and logs in the workspace (expected). Be aware that if the agent invokes the skill autonomously, commands like 'accept all' could be executed without a human review step, which would re-register the current (possibly tampered) state as trusted.
