Skill v1.0.4

ClawScan security

Persistent Agent Memory · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 16, 2026, 12:52 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, runtime instructions, and requested credential (CORAL_API_KEY) are consistent with a memory-storage integration for Coral Bricks; the main user risk is that stored text is sent to a third-party service, so treat sensitive data and the API key accordingly.
Guidance
This skill appears to do what it claims: it stores, retrieves, and deletes semantic memories via Coral Bricks. Before installing, consider: (1) Do you trust coralbricks.ai with anything you might store? Avoid sending secrets, credentials, or sensitive personal data to the memory store. (2) Protect the CORAL_API_KEY like any API secret and rotate it if leaked. (3) Note the delete command is limited (LIMIT=1) — if you need bulk deletion verify behavior with the provider. (4) Review the Coral privacy policy and, if necessary, test with non-sensitive data first. If you want stricter control over where data is stored, consider a memory provider you host yourself.

Review Dimensions

Purpose & Capability
ok
Name/description (persistent memory) align with required binaries (curl, python3), the single required env var (CORAL_API_KEY), and the provided scripts which call the Coral Bricks Memory API. All required resources are appropriate for the described functionality.
Instruction Scope
note
SKILL.md and included scripts only perform store, search, and delete operations against https://search-api.coralbricks.ai and do not attempt to read local files or other environment variables. However, any text passed to the tools is transmitted to the third-party API; the README notes a privacy policy but does not explicitly warn users not to store secrets. The delete script uses a hardcoded LIMIT=1 (deletes one match per call), which is not documented in SKILL.md and may be unexpected.
Install Mechanism
ok
No install spec; the skill is instruction-plus-scripts only. That minimizes install-time risk because nothing is downloaded or written during installation. The scripts are simple shell + Python and contain no obfuscated or remote-download behavior.
Credentials
ok
Only CORAL_API_KEY is required and is the logical credential for a hosted memory service. There are no unrelated credentials, config paths, or broad scopes requested. Note: possession of CORAL_API_KEY grants the skill (and the Coral service) access to stored memories, so treat the key like any other sensitive secret.
Persistence & Privilege
ok
The skill does not request always:true and does not attempt to modify other skills or system-wide settings. It only needs network access to the Coral API at runtime and will be invoked normally by the agent when used.