Skill v0.1.0

ClawScan security

3 layer of memory system · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 16, 2026, 8:55 AM
Verdict: Benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's requirements and runtime instructions are coherent with a session-persistent preference memory: it reads/writes a dedicated memory/context-infra directory and promotes repeated signals to a small, reusable profile.
Guidance
This skill is coherent with its stated purpose: it will read and write two files in memory/context-infra (observations.log and context-profile.md), automatically distill recurring preferences into axioms, and apply them as soft defaults across future conversations. Before installing, consider: (1) backup any existing context-profile.md if you manually maintain a profile — the skill will rewrite it during reflection; (2) avoid stating secrets or highly sensitive preferences in free text, since the skill persists short lines from your input; (3) decide whether you want automatic, cross-session learning or prefer to review changes before they’re applied — ask the author for an opt-in/preview step if you want manual approval of promoted axioms; (4) confirm the platform’s invocation behavior (the skill claims “always active” but registry shows always:false). If those points are acceptable, the skill appears internally consistent and proportionate.

Review Dimensions

Purpose & Capability
ok: Name/description (persistent, cross-session preference memory) align with the instructions: reading/writing memory/context-infra, recording corrections/preferences, clustering into axioms. No unrelated binaries, env vars, or external services are requested.
Instruction Scope
note: SKILL.md limits operations to files under memory/context-infra and to three signal types (correction, stated-preference, retraction). This is within scope. Note: the skill rewrites context-profile.md during reflection and appends observations.log; that can overwrite any user-edited profile and will persist defaults applied across future conversations. Also, recorded strings could include sensitive info if the user states preferences containing secrets — the skill does not filter content beyond the 15-word guidance.
Install Mechanism
ok: Instruction-only skill with no install spec or code files — lowest install risk. Nothing is downloaded or executed on disk besides writing to the memory directory.
Credentials
ok: No environment variables, credentials, or config paths are requested. The only filesystem access is to memory/context-infra, which is proportional to a preference-memory feature.
Persistence & Privilege
note: The skill is designed to persist and apply axioms across sessions (expected for a memory system). Registry flags show always:false (not force-included), and model invocation is allowed (normal). Note the description claims "Always active in every session" which conflicts with the registry always:false; confirm how the platform will invoke the skill if you want guaranteed per-session loading.