Back to skill
Skillv1.8.0
ClawScan security
dr-context-pipeline · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 8, 2026, 12:53 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill’s files, scripts, and runtime instructions are coherent with a deterministic context/retrieval pipeline and do not request unrelated credentials or network installs — but it will read and publish local memory files and modify workspace files, so review before applying.
- Guidance
- This skill appears to do what it says: it installs a local context_pipeline, validates it, and enforces an evidence contract that makes the agent emit Retrieval Bundle and Context Pack JSON objects built from your local memory files. Before installing: (1) review the included scripts (install_pipeline.py, validate_pipeline.py, memory_watchdog.py) — they operate only on local files and do not contact external services; (2) back up AGENTS.md and any existing context_pipeline directory because the installer copies/overwrites files in workspace/context_pipeline; (3) inspect your memory files for any sensitive data you do not want pasted into transcripts (the skill requires emitting snippet contents and diffs); and (4) if you plan to allow autonomous agent runs, be aware the evidence contract will cause the agent to include local memory artifacts in its outputs unless you explicitly waive that behavior per the skill's instructions.
Review Dimensions
- Purpose & Capability
- okName/description (deterministic retrieval, compression, lint, evidence contract) match the included assets and scripts. The router, schemas, compressor prompts, validator, installer, and watchdog all relate directly to a file-based memory pipeline; there are no unrelated env vars, binaries, or external credentials requested.
- Instruction Scope
- noteRuntime instructions explicitly require reading the workspace memory files (memory/always_on.md, memory/topics/*, daily logs), producing and pasting full Retrieval Bundle and Context Pack JSON objects, and editing AGENTS.md with a git diff in the transcript. This is consistent with the stated goal but has privacy implications: the skill mandates emitting local memory contents in the agent transcript for every (non-waived) interaction, which may expose sensitive data if the transcript is shared or logged. The instruction set is prescriptive and non-optional (NOT EXECUTED contract).
- Install Mechanism
- okNo external install spec; the included install script copies bundled asset files from the skill into the user's workspace using shutil.copytree. There are no network downloads, installers, or third-party package pulls. Note: copytree with dirs_exist_ok will write into the target directory and can add/overwrite files under workspace/context_pipeline — expected for this skill but worth reviewing.
- Credentials
- noteThe skill requires no environment variables or external credentials, which is proportionate. However, it does require read access to the user's workspace memory files and write access to the workspace (it installs files and the workflow asks the agent to patch AGENTS.md). Those file accesses are necessary for a file-based memory pipeline but mean the skill will touch and publish local files and diffs — back up any important files before applying.
- Persistence & Privilege
- okalways:false and no special platform privileges. The skill does not request to be force-enabled or modify other skills. Autonomous invocation is allowed by default (normal for skills); combined with the mandatory evidence contract this could cause the agent to repeatedly publish local memory when run autonomously, but that behavior follows the skill's purpose rather than being an unexplained privilege escalation.