Skill v1.4.0

ClawScan security

Hermes Memory CN · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Apr 23, 2026, 12:40 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and instructions generally match a local long-term memory tool, but there are several implementation inconsistencies and risky defaults (hardcoded paths, optional third‑party model mirror, and auto‑generation of skill drafts) that you should review before installing.
Guidance
This skill appears to implement a local memory system as described, but check a few things before installing:
- Review and adjust hardcoded paths: change PYTHON and _MODEL_PATH to values appropriate for your machine (or ensure the recommended Python and model location exist). Hardcoded /Users/dream and /opt/homebrew paths are likely wrong for many users.
- Inspect the model source: the install guide suggests downloading a model from HuggingFace or an 'hf-mirror.com' mirror. Only download model files from a source you trust; untrusted mirrors can host malicious model files.
- Confirm where data is stored: memory.db and skill_drafts/ will be created in the scripts directory. If you want them elsewhere, move scripts or modify DB_PATH. Consider filesystem permissions and backups.
- Understand agent integration: the recommended AGENTS.md integration runs memory_tool.py after replies. That gives the agent routine ability to run local commands that will write data; only enable automatic invocation if you trust the agent and the script behavior.
- Review code yourself (or run in an isolated environment): the included Python files are the primary runtime surface; run them in a virtualenv or sandbox first and verify they behave as expected (search, add, decay, export) before using with sensitive conversations.
If you can accept/mitigate the above (fix paths, trust the model source, run in a controlled environment), the skill is coherent with its stated purpose. If any of the defaults or the mirror suggestion worry you, treat this as suspicious and do not enable automatic integration until resolved.

Review Dimensions

Purpose & Capability
note
The name/description (local long-term memory) aligns with the provided CLI scripts and DB code: memdb.py, memory_tool.py and skill_evolve.py implement a local SQLite+vector memory with search, add, decay, export and an evolution system. However there are odd hardcoded defaults (Python binary /opt/homebrew/bin/python3.12 and a model path under /Users/dream/.cache/...) which are platform/user-specific and not justified in the description.
Instruction Scope
note
SKILL.md explicitly tells an agent to run the included CLI tools after replies and suggests adding those calls to AGENTS.md and a nightly cron. That is consistent with a memory skill, but it grants the agent routine ability to execute local commands that write/modify files (memory.db, exported Markdown, skill_drafts/). The instructions do not ask to read unrelated system paths or external secrets, and the runtime commands are constrained to the skill's own scripts.
Install Mechanism
concern
This is instruction+code only (no packaged install spec). The references/install.md asks you to pip install sqlite-vec, pysqlite3, sentence-transformers and to download a HuggingFace model (or use an 'hf-mirror.com' mirror). Using an unvetted mirror is a risk (malicious weights/config), and the reliance on sqlite-vec (native extension) and pysqlite3 may require building binary components. No archive downloads from unknown IPs are included by the skill itself, but the install instructions leave trust decisions to the user.
Credentials
concern
The skill declares no environment variables or credentials (good), but the code contains hardcoded, user-/platform-specific paths: PYTHON = /opt/homebrew/bin/python3.12 and _MODEL_PATH = /Users/dream/.cache/.... Those defaults are inappropriate for many users and could cause confusion or accidental use of unexpected model files. No external credentials are requested, and the scripts do not contact external endpoints at runtime (they load local models), but the install guide instructs network downloads for the model.
Persistence & Privilege
note
The skill is not 'always: true'. It expects to be invoked by the agent (normal). It creates/writes local files: memory.db (in the scripts directory), exported Markdown, and skill_drafts/ when evolving patterns. That file-write behavior is consistent with its purpose but you should be aware it will persist user data locally and generate draft skill files that may incorporate user conversation content.