LYGO Universal Living Memory Library (v1.1)
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a bounded, user-invoked local memory audit and compression advisor, with no evidence of hidden network access or destructive behavior.
This skill looks benign and narrowly scoped. Before installing or using it, confirm the indexed files are the ones you intend to audit, avoid including secrets in archives, review any generated Master Archive or audit report before sharing, review the separate LYGO-MINT verifier if you install it, and only schedule nightly audits if you want ongoing local file checks.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private conversations or memory materials could be summarized into an archive that may later be shared, reused, minted, or anchored.
The workflow can transform potentially private logs or conversation exports into a reusable archive. This is central to the skill's purpose, but users should treat those inputs and outputs as sensitive.
Input: Any set of logs, scrolls, seals, or conversation exports. Output: A single Master Archive that is ... repostable ... hash-addressable
Review all inputs and the generated Master Archive for secrets or private content before minting, anchoring, or sharing.
Running the audit can reveal metadata and hashes for selected local memory files and create a persistent report file.
The script reads and hashes indexed local files and writes an audit report. The behavior is disclosed and bounded by the included index, but it is still local file inspection and mutation.
p = (base / rel).resolve(); ... row['sha256'] = sha256_file(p); ... out_path = base / 'state' / 'living_memory_audit_report.json'
Run the audit only against the intended workspace and review the generated report before sharing it.
Installing the verifier may add capabilities or code not assessed in this review.
The skill refers users to a separate verifier component that is not included in these artifacts. This is purpose-aligned for minting, but it is a separate dependency.
Core verifier (install) - https://clawhub.ai/DeepSeekOracle/lygo-mint-verifier
Review the LYGO-MINT verifier skill separately before installing or relying on it.
If the user schedules it, the audit may repeatedly inspect the indexed files and refresh local report state.
The artifact suggests optional recurring execution. It is explicitly not automatic, but scheduled runs would continue inspecting files and writing reports over time.
Nightly audit is *recommended* (but not automatic): run `scripts/audit_library.py` via your scheduler/cron.
Only add a scheduler or cron entry intentionally, and remove it if ongoing audits are no longer wanted.