Skill v1.2.0
ClawScan security
Clawng Term Memory · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 21, 2026, 11:59 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill does what it says (version-control and push agent core files); it is internally consistent, but it will automatically stage and push potentially sensitive agent data to a remote Git repo — so review repo access, tracked files, and secrets before enabling it.
- Guidance: This skill is internally coherent and implements what it promises, but it will routinely stage and push your agent's internal data (MEMORY.md, IDENTITY.md, SOUL.md, installed skills) to whatever Git remote you configure. Before installing: (1) ensure the GitHub repo is private and access is tightly controlled; (2) audit the files that will be tracked (especially skills/ and memory/) for secrets or PII and add sensitive paths to .gitignore or remove them from commits; (3) prefer SSH keys with least-privilege deploy keys rather than storing personal tokens in plaintext; (4) consider encrypting or redacting any sensitive content before commit, or add a pre-commit review step instead of fully automatic commits/pushes; (5) be cautious about the automatic daily synthesis model that aggregates memories across agents — it can increase exposure of private data. If you want, I can suggest a safe .gitignore template, a pre-commit hook to detect secrets, or a minimal workflow that stores only non-sensitive metadata in the remote repo.
Review Dimensions
- Purpose & Capability (ok): Name, description, and included scripts align: commit.sh commits core knowledge files to an agent/<hostname> branch and pushes to origin; merge.sh fetches agent branches and stages their MEMORY.md contents for synthesis. Tracked paths (SOUL.md, MEMORY.md, skills/, etc.) match the declared purpose of backing up agent core knowledge.
- Instruction Scope (note): Instructions require running git commands and pushing internal data to a remote repo and recommend always auto-committing after any core-file change. This is consistent with the stated goal, but the workflow routinely transmits potentially sensitive content (IDENTITY.md, MEMORY.md, skills/) to a remote Git host and instructs automated daily synthesis — the SKILL.md does not instruct any filtering or redaction of secrets or PII prior to commit/push.
- Install Mechanism (ok): No install spec or external downloads; this is instruction-only with included shell scripts. No network downloads or archives executed by the skill itself.
- Credentials (note): The skill declares no required env vars, which is reasonable: it relies on the user's existing git authentication (SSH keys or credential helper). However, it implicitly depends on git credentials being present and will use them to push potentially sensitive files to the configured remote. The skill does not request any unrelated credentials, but you should verify what will be committed (skills/, memory/) before enabling automatic pushes.
- Persistence & Privilege (ok): Does not request always:true or other elevated platform privileges. Scripts modify only the workspace repo and write staging output to /tmp; they do not change other skills' configurations or system-wide settings.
