Back to skill
Skillv2.1.1
ClawScan security
dr-memory-foundation · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 5, 2026, 11:00 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This skill's files and instructions are consistent with its stated purpose: creating and normalizing a file-based memory layout in the workspace; it does not request credentials or perform network activity.
- Guidance
- This skill appears coherent and narrowly scoped, but take these precautions before applying: 1) Back up or use version control for the workspace so you can review/rollback changes. 2) Inspect the bundled templates (references/templates/) to ensure they meet your needs before copying them in. 3) Run the provided Python script locally (or in a test workspace) rather than allowing an agent to apply changes autonomously if you prefer manual control. 4) Confirm the agent's apply actions (it should preserve existing notes and be idempotent). There are no network calls or credential requests in the code, so the primary risk is undesired local file changes — mitigated by backing up and reviewing diffs.
Review Dimensions
- Purpose & Capability
- okThe name/description (file-based memory layout) matches the included templates and a small installer script that copies templates into a workspace and creates a daily log. There are no unrelated requirements (no env vars, no external services).
- Instruction Scope
- noteRuntime instructions direct the agent to inspect and reorganize workspace memory files and to copy template files as needed. Reading and writing workspace files is necessary and expected for this purpose; the skill's instructions emphasize preserving user content and idempotency. Users should note that the agent will access files in the workspace when applying the skill.
- Install Mechanism
- okNo install spec or remote downloads. The included Python script is self-contained, uses only stdlib (shutil/pathlib/textwrap/datetime), and copies bundled template files into the target workspace. No external code is fetched or executed.
- Credentials
- okNo environment variables, credentials, or config paths are requested. The script operates on local filesystem paths only, which matches the skill's stated functionality.
- Persistence & Privilege
- okThe skill is not forced-always, is user-invocable, and does not modify other skills or global agent configuration. Its only write activity is creating template files and an auto-generated daily log within the workspace.