Skill v2.1.0

ClawScan security

Knowledge Management · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 25, 2026, 5:59 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and documentation mostly match its stated goal (organizing local MEMORY.md into per-type folders), but there are inconsistent environment variable names, hardcoded default paths, and a cleanup operation that could delete files — these mismatches warrant caution before installing or running the tool.
Guidance
This skill appears to do what it says (parse local MEMORY.md and create organized markdown files), but there are a few red flags you should check before installing or running it:
- Review and fix env var inconsistencies: SKILL.md/README mention OPENCLAWORKSPACE or WORKSPACE, but the code checks OPENCLAW_WORKSPACE. Decide which variable you will set and make sure the code and docs agree on it.
- Check the default path: the code falls back to /home/ubuntu/.openclaw/workspace if no workspace is detected. On machines where the home directory is not /home/ubuntu this points at a non-existent or wrong location, so set the workspace explicitly via --workspace or the correct environment variable.
- Run in dry-run first: use km sync --dry_run (or km cleanup --dry_run) to preview changes before any files are written or deleted.
- Back up your workspace: before running km sync --cleanup, back up memory/ and MEMORY.md so you can recover if the state file is wrong.
- Inspect the bundled script: read through index-local.js (it is included) to confirm its behavior (directory creation, file writes, hashing logic) matches your expectations, and re-check it after updates to make sure no network calls are added later.
- Install locally from a source you trust: the package exposes 'km' via package.json. Only npm link or add to PATH a copy you have reviewed; do not run code fetched from unknown servers.
If these checks are satisfied and you run in dry-run mode first, the tool is usable. If you cannot confirm the workspace path, or you keep shared or important files in the workspace, treat the cleanup step as potentially dangerous.

Review Dimensions

Purpose & Capability
note · The name/description align with the actual behavior: reading local MEMORY.md and daily memory/*.md files, classifying entries, and writing timestamped markdown files. Requiring a local 'km' binary is coherent because package.json exposes that CLI. The tool runs as a local CLI (index-local.js) rather than calling an external service, which fits the purpose, but it means the user must install it by hand (npm link or placing the script on PATH). Minor concern: the code defaults to /home/ubuntu/.openclaw/workspace, which is wrong on any system where the home directory is not /home/ubuntu.
Instruction Scope
concern · Instructions and code describe only local filesystem operations (parsing MEMORY.md, writing files, maintaining local state), which is appropriate. However, there are multiple inconsistencies between docs and code about environment variable names and default locations: SKILL.md/README reference OPENCLAWORKSPACE (no underscore) or WORKSPACE, while index-local.js checks OPENCLAW_WORKSPACE (with underscore). SKILL.md and README say the default is ~/.openclaw/workspace, but the code falls back to /home/ubuntu/.openclaw/workspace. The tool also supports a --cleanup operation that deletes 'orphaned' files; if the state file is incorrect or out of sync, this could remove user files. These mismatches and the destructive cleanup option are reasons to review behavior carefully before running.
Install Mechanism
ok · No remote install spec is provided (instruction-only skill + included JS file). The project exposes a local CLI via package.json's 'bin' field; installation is local (npm link or placing the script on PATH). There are no downloads from external URLs and no unexpected installers in the manifest, which reduces install risk.
Credentials
note · The skill requests no secrets and no external credentials, which is appropriate. The only requirement is the local 'km' binary, which is not a credential. However, documentation and code disagree on environment variable names (OPENCLAWORKSPACE vs OPENCLAW_WORKSPACE vs WORKSPACE), which can lead to confusing behavior, and the hardcoded fallback to /home/ubuntu/.openclaw/workspace may make the tool read and write in an unexpected location if environment detection fails.
Persistence & Privilege
note · always: false (good). The skill writes files into a workspace and maintains a local state file (memory/local-sync-state.json), which is expected for the purpose. The notable privilege is the '--cleanup' operation, which removes files not referenced in the state mapping; that is a normal feature for sync tools but has real destructive potential if the state file is corrupted or if the workspace path detection is wrong. The skill does not request system-wide configuration changes or credentials for other skills.