Identity Manager

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about being an identity memory tool, but it automatically creates long-lived local profiles for people, organizations, and groups mentioned in chats.

This is best treated as a persistent contact-and-relationship memory system, not a lightweight helper. Use it only if you are comfortable with the agent creating local profiles for mentioned people and groups, and disable auto-scan or review/delete the generated files if you do not want broad long-term identity tracking.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI06: Memory and Context Poisoning
Medium
What this means

The agent may create long-lived records about people, organizations, groups, and relationships simply because they were mentioned in chat.

Why it was flagged

The skill is designed to build persistent identity memory for all mentioned entities, which can include private or sensitive relationship context and be reused in later sessions.

Skill content

Create, update, and maintain structured identity entries for every person, org, or group mentioned in conversation... Persistent context across sessions.

Recommendation

Install only if you want automatic identity memory. Review generated identity, memory, and soul files regularly, and prefer an explicit-confirmation or manual mode for third-party personal data.

ASI01: Agent Goal Hijack
Medium
What this means

Normal conversations may trigger automatic record creation or updates before the agent answers the actual request.

Why it was flagged

The instructions make the skill's identity-write workflow a mandatory precondition for responses, even when the user's current request is unrelated to identity management.

Skill content

The agent MUST NOT skip, defer, or partially complete any step... Execute ALL queued ops... before composing reply.

Recommendation

Use this skill only when persistent identity tracking is desired, and set `IDENTITY_AUTO_SCAN=false` or require user confirmation before automatic creates and updates.

ASI06: Memory and Context Poisoning
Medium
What this means

Mistaken or sensitive identity entries may remain available to future sessions until manually deleted.

Why it was flagged

The retention policy keeps generated identity records indefinitely unless the owner manually removes them, increasing the impact of accidental, incorrect, or unwanted profiling.

Skill content

retention: policy: "explicit_delete" ... archived_entries: "never_auto_delete" ... delete_method: "owner must manually remove files"

Recommendation

Before using the skill, define a cleanup process, retention limit, and review workflow for identity entries, archives, memory indexes, and soul context files.