Skill v0.1.0
ClawScan security
Openclaw Never Forget · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 15, 2026, 1:07 PM
- Verdict
- Benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's behavior is coherent with its stated purpose (a file-based memory system): it reads/writes local memory/ markdown files on a schedule and on-demand, with no external installs or credentials required — but it will persist user context to disk and its background writing behavior deserves attention.
- Guidance
- This skill is internally consistent with a local, file-based memory system, but before installing consider: (1) Where are the memory/ files stored (local disk, cloud, container)? Ensure you control and understand persistence and backups. (2) The agent will append logs every ~30 minutes during active sessions and when instructed — review retention and delete policies if needed. (3) Avoid having the agent capture raw secrets; review memory/MEMORY.md and daily logs for accidentally stored sensitive material (API keys, passwords). (4) Confirm file permissions and encryption for memory/ to prevent unauthorized access. (5) Test the skill in a controlled environment to observe exactly what it writes, then decide whether to keep, restrict, or remove it. If you want stronger guarantees, ask the maintainer (if available) to document storage location, retention, and redaction rules explicitly.
Review Dimensions
- Purpose & Capability
- ok: Name/description match the instructions: the SKILL.md describes a local memory system that creates daily logs and a global MEMORY.md, extracts insights, and performs periodic snapshots. Nothing requested (no binaries, no env vars, no installs) is inconsistent with a filesystem-based memory engine.
- Instruction Scope
- note: Instructions direct the agent to create and append to files under memory/YYYY-MM-DD.md and memory/MEMORY.md, take 30-minute snapshots during 'active sessions', and extract long-term facts. This is within the skill's purpose, but the runtime directives give the agent broad discretion to write persistent logs regularly and to choose what to summarize. The skill also suggests using tools like memory_get/memory_search if available, which may access other memory systems if present. The SKILL.md does not specify retention, encryption, or access controls for those files.
- Install Mechanism
- ok: Instruction-only skill with no install spec and no code files. Low install risk because nothing will be downloaded or written by an installer.
- Credentials
- note: No environment variables, credentials, or config paths are declared or required. However, the skill explicitly stores user context (including 'API keys context (not raw)') into long-term memory, which could accidentally capture sensitive information. The lack of declared config paths is not harmful by itself but means the skill implicitly uses the agent's filesystem (memory/).
- Persistence & Privilege
- note: always:false (good). The skill runs background periodic writes during active sessions and will create persistent files in memory/. Autonomous invocation is allowed (platform default), which combined with the background snapshot behavior means the agent may autonomously append to disk while in active sessions. This is expected for a memory skill but increases the importance of checking where memory/ is stored and who can read it.
