v0.1.0

People Memories

Review
ClawScan verdict for this skill. Analyzed May 1, 2026, 4:57 AM.

Analysis

The skill matches its people-memory purpose, but it automatically saves voice-derived personal details and describes background Telegram reminders without clear opt-in, scope, or data-boundary controls.

Guidance: Review this skill before installing. Only use it if you are comfortable with personal notes about people being stored in `~/.clawdbot/people-memory.json`, potentially captured automatically from voice transcripts, and possibly sent as reminder digests over Telegram. Look for explicit confirmation, deletion, logging, and notification-channel controls before enabling the extension or any cron job.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Rogue Agents
Severity: Medium; Confidence: High; Status: Concern
SKILL.md
A helper cron job runs ... each morning

A recurring cron job is background persistence that continues outside the immediate user request, and the artifacts do not provide a clear install, disable, or schedule-control mechanism.

User impact: The skill may continue producing reminder activity after the original memory task, which can surprise users if they did not intend ongoing automation.
Recommendation: Make recurring automation opt-in, provide uninstall/disable instructions, and keep the schedule and output channel visible to the user.

Unexpected Code Execution
Severity: Low; Confidence: High; Status: Note
extensions/people-memories/index.js
execFile("python3", args, { stdio: "ignore" }, (err) => {

The extension runs a local Python script. This is expected for the advertised voice-to-memory feature and uses execFile with fixed program invocation, but it is still local command execution.

User impact: Installing the skill allows its extension to launch the bundled Python helper when matching transcript text is seen.
Recommendation: Keep the helper path fixed, avoid shell execution, and disclose Python/runtime requirements in the skill metadata.

Agentic Supply Chain Vulnerabilities
Severity: Low; Confidence: High; Status: Note
metadata
Source: unknown; Homepage: none ... Required binaries (all must exist): none ... No install spec — this is an instruction-only skill.

The package has limited provenance and no declared runtime/install requirements despite including an extension and Python helper, so users have less assurance about origin and dependency expectations.

User impact: The skill may fail or behave unexpectedly if Python or Python dependencies are missing, and users cannot easily verify the project source.
Recommendation: Publish a source homepage, declare Python and Python package requirements, and align metadata with the included executable extension.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium; Confidence: High; Status: Concern
SKILL.md
`~/.clawdbot/people-memory.json` now stores ... `notes` ... and `The index updates in the background, and we keep confirmations quiet unless you explicitly ask for them.`

The skill stores personal notes in persistent memory and explicitly keeps automatic capture confirmations quiet, so incorrect, sensitive, or unintended transcript-derived memories may be reused later without an obvious review point.

User impact: Private details about people can be saved and later recalled by the assistant even if the capture was accidental or misheard.
Recommendation: Add an explicit confirmation or review mode for voice-captured memories, document retention/deletion controls, and make it easy to inspect or remove saved notes.

Insecure Inter-Agent Communication
Severity: Medium; Confidence: High; Status: Concern
SKILL.md
A helper cron job runs `python3 skills/people-memories/scripts/people_memory.py reminders --days 0 --window 7 --format message` each morning and delivers the resulting digest over Telegram

The documentation declares an external Telegram delivery path for personal event data, but the artifacts do not define destination, credential handling, opt-in, or data-minimization boundaries.

User impact: Birthdays, anniversaries, and related personal notes could be sent to an external messaging channel in a way the user has not clearly configured or approved.
Recommendation: Require explicit user setup and consent for Telegram delivery, declare any needed credentials/configuration, and document exactly what data is sent and to whom.