Skillv1.0.0

ClawScan security

sleep-consolidation · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 3, 2026, 7:58 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill's code and runtime instructions request access to an external LLM API and read/write a home workspace, but the registry metadata does not declare the required API key, workspace path, or runtime binary — these mismatches are concerning and should be resolved before installation.
Guidance: Before installing: 1) Understand that the bundled scripts will read and write files under a workspace (default ~/.agent_workspace) — any data you don't want persisted or sent should not be in those logs. 2) The code sends context to api.anthropic.com and requires ANTHROPIC_API_KEY, but the registry metadata omitted that requirement; do not supply credentials unless you trust the publisher and Anthropics. 3) The metadata also didn't declare that a Python runtime is required; ensure you run the scripts in an isolated environment (container or VM) for testing. 4) If you plan to use --flush or NREM/REM modes, review session logs for secrets and consider redaction before sending; ideally run the skill with a workspace path you control. 5) Ask the publisher to update metadata to declare required env vars (ANTHROPIC_API_KEY), required binaries (python3), and the default config path, and to document any data retention/retention encryption. If you cannot verify the publisher or code, run it offline or perform a manual code audit first.

Review Dimensions

Purpose & Capability: noteThe skill's stated purpose (consolidating an agent's memories to disk) matches the included scripts: they read daily logs and MEMORY.md and write curated Markdown into a workspace. However, the skill's metadata claims no required environment variables or binaries, while the code clearly requires a Python runtime and an ANTHROPIC_API_KEY — an inconsistency between declared requirements and actual capabilities.
Instruction Scope: concernSKILL.md and scripts instruct the agent to load session logs and memory contents and (in flush/NREM/REM modes) send them to the Anthropic API for processing. That behavior is coherent with the skill's purpose, but it means arbitrary session content (potentially including secrets) will be transmitted to a third-party LLM. The instructions do not constrain what to redact before sending, and the skill encourages piping full session context into the API.
Install Mechanism: okThere is no install spec (instruction-only), so no remote binaries are downloaded. The code files are bundled with the skill, which lowers supply-chain risk vs. arbitrary downloads. Still, running bundled Python scripts writes files to disk and makes network calls, so it's not risk-free.
Credentials: concernThe code requires an ANTHROPIC_API_KEY (used to call api.anthropic.com) and implicitly requires a Python interpreter and a writable workspace directory (default ~/.agent_workspace). None of these were declared in the registry metadata (no required env vars, no required binaries, no config paths). Requesting an LLM API key and granting read/write access to a home workspace are material privileges that should be declared and justified.
Persistence & Privilege: noteThe skill does persistent disk writes to a workspace (MEMORY.md, memory/, bank/). It is not force-installed (always: false). It can be invoked autonomously by agents (default), which combined with network access means it could periodically send stored memories to the external API — this is expected for the skill but increases blast radius if sensitive data is stored.