Skill v2.0.0
ClawScan security
Context Engine · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Apr 3, 2026, 9:45 AM)
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and requirements are internally consistent with a local context/memory manager: it only reads/writes local JSON files and does not request external credentials or network access.
- Guidance: This skill appears to do what it says: a local context manager that stores project/session data in JSON files. Before installing, consider: (1) the script writes to /home/deus/.openclaw/... — if your system user is not 'deus' the path will likely be incorrect; review or modify the code to use a configurable path or $HOME; (2) the included Node.js script will be executed locally and will create/modify JSON files in that directory — back up any existing data at that path; (3) there are no network calls or credential requests visible, so it does not exfiltrate data per the provided files, but you should still review the full script (the CLI parsing was truncated in the bundle you provided) before running; (4) because the skill can be invoked autonomously by the agent (default), only enable it if you trust it to run and save session state automatically. If you want higher assurance, run the script in a sandbox or inspect/modify the hardcoded path and any remaining truncated code paths before use.
Review Dimensions
- Purpose & Capability (note): The name/description match the included CLI script and SKILL.md: the skill manages projects, saves/restores session context, and summarizes projects. One implementation detail worth noting: storage is hard-coded to /home/deus/.openclaw/workspace/memory/projects/ rather than using a portable $HOME or configurable path. That is not inconsistent with its purpose but is an implementation fragility (will not work as-is for other system usernames or environments).
- Instruction Scope (ok): SKILL.md instructions are narrowly scoped to saving/restoring project context, switching projects, heartbeats, and listing/summarizing projects. The runtime instructions and triggers reference only local files and the MEMORY.md integration; they do not instruct reading unrelated system files, environment secrets, or sending data to external endpoints.
- Install Mechanism (note): There is no install spec (instruction-only), which minimizes install-time risk. A JavaScript CLI file is included; since no install or remote download occurs, there's no archive or external code fetch risk. Users should still be aware the included script can be executed locally and will write files to disk.
- Credentials (ok): The skill declares no required environment variables, credentials, or config paths beyond its own project storage path. The code only accesses local filesystem paths under the stated projects directory and does not reference or demand tokens, keys, or unrelated credentials.
- Persistence & Privilege (ok): The skill does not request always:true and uses normal invocation. Its persistence is limited to writing its own JSON files in the projects directory and updating its own session file; it does not modify other skills or global agent settings.
