ClawHub

๐Ÿฉบ memory-health-check

AdvisoryAudited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern
ASI03: Identity and Privilege Abuse
What this means

If this capability is actually granted, the agent could have authority to initiate paid actions or subscriptions unrelated to a memory health scan.

Why it was flagged

The purchase capability is not needed for local memory integrity, freshness, bloat, orphan, duplicate, or coverage diagnostics, and no explicit purchase approval flow is documented.

Skill content
Capability signals
- crypto
- can-make-purchases
Recommendation

Do not grant purchase/billing authority to this skill unless a separate, explicit, user-confirmed purchase workflow is documented and autonomous use is disabled for that action.

Note
ASI02: Tool Misuse and Exploitation
What this means

A mistaken orphan classification or overly broad cleanup could delete useful local memory files.

Why it was flagged

The repair tooling is deletion-capable. It is purpose-aligned and has a dry-run mode, but memory cleanup can still remove entries the user may want to keep.

Skill content
# Dry run (preview what would be deleted)
python3 scripts/auto_repair.py --dry-run

# Remove orphans (inbound-unlinked files)
python3 scripts/auto_repair.py --remove-orphans
Recommendation

Run dry-run first, review the proposed deletions, and back up important memory data before using auto-repair.

Note
ASI06: Memory and Context Poisoning
What this means

Reports may expose metadata about private memories, file paths, database tables, duplicate relationships, or stale entries, even though no network exfiltration is shown.

Why it was flagged

The skill intentionally reads persistent OpenClaw memory stores, including other agents' memory paths, to produce diagnostics.

Skill content
DISCOVER MEMORY PATHS
    โ€ข ~/.openclaw/workspace/memory/         (A-layer)
    โ€ข ~/.openclaw/memory/*.sqlite           (B-layer)
    โ€ข ~/.openclaw/workspace/*/memory/       (other agents)
Recommendation

Only run it where scanning these memory locations is acceptable, and review generated reports before sharing them.

Note
ASI04: Agentic Supply Chain Vulnerabilities
What this means

A user or agent following the recommendation may run a separate skill with its own risks and permissions.

Why it was flagged

The skill may recommend commands from another skill that is not declared as an installed dependency in the supplied metadata. The shown code records recommendations rather than automatically executing them.

Skill content
action="CRITICAL: Memory bloat is severe. Run dreaming-optimizer to consolidate entries.",
cli_command="~/.openclaw/workspace/skills/dreaming-optimizer/bin/optimize.sh"
Recommendation

Review and approve the referenced dreaming-optimizer skill separately before running its commands.