Skill v0.1.1

ClawScan security

Hippocampus Memory Core · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 9, 2026, 11:45 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
Instruction-only memory helper that is internally consistent with its stated purpose, but it references external configuration (S3/Hipokamp and an onboarding skill) and has no provenance or declared credentials, so verify setup before trusting it in production.
Guidance
This is an instruction-only 'memory' skill that appears coherent, but you should: 1) confirm where the Hippocampus/S3 configuration and credentials are stored (the skill defers to a separate onboarding flow rather than asking for keys itself); 2) inspect and vet the referenced 'hippocampus-openclaw-onboarding' and related components before use; 3) ensure the storage backend (S3/Hipokamp) has least-privilege credentials, encryption, and access controls; and 4) avoid writing sensitive PII or secrets into persistent memory unless you’ve audited access controls and retention policies. Because the package has no homepage/source listed, treat it as unvetted until you can validate its provenance.

Review Dimensions

Purpose & Capability
note
The skill's name and description (deterministic external memory using S3-Hipokamp) match the SKILL.md guidance. However, the skill does not declare any required environment variables or credentials; it instead instructs agents to check for existing 'Hippocampus configuration' and to defer to a separate onboarding skill if missing. This separation is plausible but worth noting because the skill itself does not request or document where credentials/config live.
Instruction Scope
ok
SKILL.md contains high-level usage guidance only (when to store/search/snapshot/restore memory). It does not instruct the agent to read arbitrary local files, exfiltrate data, call third‑party endpoints outside the expected Hippocampus components, or access unrelated environment variables. Instructions restrict actions to memory-related operations and to handing off to an onboarding flow if configuration is absent.
Install Mechanism
ok
No install spec or code files are present (instruction-only), so nothing will be written to disk or executed. This is the lowest-risk install posture.
Credentials
note
Given the S3/Hipokamp integration implied by the description, one would normally expect declared credentials or at least documented config paths. The skill declares none and instead relies on external configuration (and a separate onboarding skill). That can be a reasonable design choice, but users should confirm where and how Hippocampus credentials/configuration are managed and that the onboarding skill is trustworthy.
Persistence & Privilege
ok
Skill is not marked 'always: true' and is user-invocable. It does not request to modify other skills or global agent settings in its instructions. Autonomous invocation is allowed (platform default) but not combined here with elevated privileges.