Skillv1.0.0

ClawScan security

Memoria Memory System · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 26, 2026, 9:30 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill generally matches its stated purpose (local memory management) but has some inconsistencies and safety-relevant gaps (missing declared dependencies, destructive file operations without path validation, and scripts that an agent could run autonomously) that the user should understand before installing.
Guidance: This skill appears to implement the stated memory-management features, but review and take precautions before installing: 1) Verify jq, tar and Bash are available, and update the skill metadata to reflect these dependencies. 2) Inspect and edit config.json so memory.base_path and backup.path point to a safe, isolated directory you control (do not leave defaults if running from a high-privilege or home directory). 3) Avoid running rollback with --force or exposing the skill to untrusted agent autonomy until you are comfortable (consider setting disable-model-invocation:true if available). 4) Run memory-backup.sh --dry-run and memory-health-check.sh without --fix first to see actions. 5) Be cautious with cron installation: schedule only after manual verification. 6) If you need stronger safety, request path validation/whitelisting in the scripts (prevent operations outside a sandboxed memory path).

Review Dimensions

Purpose & Capability: noteThe name/description match the included scripts (backup, migrate, rollback, health-check). However the registry metadata claims no required binaries/env, while SKILL.md and the scripts require Bash, jq, and tar — a metadata omission that reduces clarity about runtime needs.
Instruction Scope: concernRuntime instructions direct the agent (or user) to run shell scripts that perform file-system mutations (mkdir, cp, rm -rf, tar extraction, find -delete). The scripts accept --path arguments and read config.json; there is no path sanitization or safety checks, so a mis-set config or malicious/erroneous argument could overwrite or extract into arbitrary directories (e.g., dirname of MEMORY_PATH). Rollback uses rm -rf on MEMORY_PATH and extracts archives relative to dirname(MEMORY_PATH), which can be destructive if MEMORY_PATH is configured incorrectly.
Install Mechanism: okThere is no network-based install step in the skill manifest (instruction-only install spec). The code files are included in the skill bundle; nothing in the manifest downloads remote archives. This is lower install risk, but the provided scripts will be placed on disk and can be executed by the agent or user.
Credentials: okThe skill requests no credentials or environment variables. That is appropriate for a local filesystem-oriented memory manager. The SKILL.md does require local tools (bash, jq, tar) which are reasonable for the tasks.
Persistence & Privilege: notealways:false (normal). The skill can be invoked autonomously by the agent (disable-model-invocation:false), which combined with shell scripts that modify local files increases blast radius: an agent with this skill could create, backup, rollback, or delete the configured memory directory. This is expected for a management tool but worth confirming you trust autonomous actions.