Skill v1.2.1
ClawScan security
Memory Organizer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 8, 2026, 3:47 PM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's behavior matches its description (organizing and compressing local memory files) but it reads an undeclared environment variable (OPENCLAW_WORKSPACE) and performs destructive file operations in the user's workspace. Review and back up your data before use.
- Guidance: This skill appears to do what it says (organize and compress local memory markdown files), but it will modify your files in-place (creates .bak and .discarded files, overwrites originals when compressing) and reads the OPENCLAW_WORKSPACE environment variable even though no env vars were declared. Before installing or running:
  1. Review memory-organizer.js (it's included) to confirm there are no network calls or unexpected behavior (there are none obvious, but inspect the whole file).
  2. Set OPENCLAW_WORKSPACE to a test or temporary workspace, or verify the default path (~/.openclaw/workspace-main) is the intended target.
  3. Make a full backup/copy of your MEMORY.md and memory/ directory.
  4. Run operations first in non-forcing mode (that is, without --force) to see what would change; note discard requires --force to actually delete/move files.
  5. If you lack the ability/comfort to audit the code, run it in an isolated environment or container.

  These steps reduce the risk of accidental data loss even though the skill's functionality is generally coherent with its description.
Review Dimensions
- Purpose & Capability (note): Name, README, SKILL.md and the included JS file are coherent: the code implements scanning, compressing, classifying, promoting and discarding markdown memory files in a two-layer model as described. The required capabilities (file read/write in a workspace memory directory) align with the stated purpose.
- Instruction Scope (ok): SKILL.md instructs the agent to validate paths, operate only inside the workspace memory files, and preserve backups. The code implements path checks (isPathSafe, isFilenameSafe), creates backups (.bak, .discarded), and limits operations to the workspace memory directory. The runtime instructions and code stay within the declared functional scope.
- Install Mechanism (note): There is no install spec (instruction-only) which is low-risk, but the package includes an executable Node.js script (memory-organizer.js). The README suggests running the script directly (node memory-organizer.js). Because code will be executed on the user's machine, the user should review the script before running it even though there is no remote install/download.
- Credentials (concern): The skill reads process.env.OPENCLAW_WORKSPACE to determine workspace location but SKILL.md / registry metadata do not declare required environment variables. This is a mismatch: the script will fall back to ~/.openclaw/workspace-main if the env var is not set, but users should be aware the script uses that env var and will operate on local files. No network credentials are requested, but undeclared env access is a notable inconsistency.
- Persistence & Privilege (note): The skill is not always-enabled and does not request elevated platform privileges. However it performs file modifications (compress, rename to .discarded, write .bak backups) inside the user's workspace. That is expected for this functionality but is a persistent effect on local files; the user should ensure backups and run cautiously.
