Skillv1.4.0

ClawScan security

SecondMind · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 15, 2026, 8:20 PM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: SecondMind's code, runtime instructions, and external usage are consistent with an autonomous memory/initiative assistant that reads OpenClaw sessions, stores local state, calls OpenRouter for LLM work, and optionally notifies via Telegram/Discord — but it installs persistent cron/tasks and asks you to provide an API key, so review config and cron changes before installing.
Guidance: SecondMind appears to do exactly what it claims: it reads your OpenClaw session JSONL files, stores local SQLite records, calls OpenRouter for LLM operations, and can notify via Telegram/Discord. Before installing, consider the following: - Review the code and config.json yourself (or in a sandbox) before running setup.js. The repository will create a local data directory (data/secondmind.db) and install cron/Task Scheduler jobs that run every 30 minutes / 6 hours / daily — check and approve those changes. - Keep your OpenRouter API key and Telegram bot token private. The skill asks you to add the OpenRouter key into config.json (or to provide it via an agent prompt); only provide the key if you trust the environment and accept potential API usage/billing. - The skill will capture session contents (including active sessions) during its flush/ingest flows; if you have sensitive conversation content, review what gets stored and where (data/). - Cron jobs and the standalone bot will generate periodic outbound network traffic (OpenRouter API + optional Telegram/Discord). Expect small, recurring API usage and costs; choose model settings carefully. - If you are uncomfortable with persistent background jobs, run the scripts manually for testing (node scripts/status.js, ingest.js, consolidate.js, initiative.js) instead of installing cron/schtasks. Minor metadata note: registry metadata said “no install spec” while SKILL.md includes an npm install step — that mismatch likely reflects metadata staleness but you should verify the install steps prior to running them.

Review Dimensions

Purpose & Capability: okThe skill name/description (autonomous memory, proactive suggestions) lines up with the code and instructions: it ingests OpenClaw JSONL sessions, stores them in a local SQLite DB, runs consolidation/initiative jobs, uses an LLM provider (OpenRouter), and offers Telegram notifications and project tracking. Required binary is just node, which matches the Node.js implementation.
Instruction Scope: noteSKILL.md and AGENT-SETUP.md explicitly instruct running setup.js, creating cron/scheduler jobs, and running multiple scripts (ingest, consolidate, initiative, flush, etc.) that read session files and write to a local DB. This is within the stated scope. Two items to be aware of: (1) a CRITICAL pre-reset step instructs running flush.js to capture active session contents prior to resets (intended for data retention but will capture ephemeral session content), and (2) AGENT-SETUP.md instructs the agent to ask the user for their OpenRouter API key — users should be cautious about supplying secrets via an agent prompt.
Install Mechanism: noteThe skill's install step runs npm install --production in the repo, which pulls dependencies declared in package.json (notably better-sqlite3, etc.). This is a standard package install from npm (no arbitrary URL downloads observed). better-sqlite3 is a native module and may require build tools. Registry metadata earlier said 'no install spec' while SKILL.md includes an install command — a minor metadata inconsistency but not a direct security indicator.
Credentials: noteThe skill does not require OS credentials or unrelated secrets. It expects an OpenRouter API key (stored in config.json) and optionally Telegram bot token / Discord webhook for notifications — these are proportional to the stated functionality. One mismatch: registry/metadata lists no required env vars, yet setup and docs require an OpenRouter API key in config.json (not an env var). The agent-assisted setup suggests prompting the user to provide the OpenRouter key — treat that as sensitive and only provide it if you trust the skill/agent and understand billing implications.
Persistence & Privilege: noteThe skill does not set always:true and does not alter other skills. However, setup.js installs persistent background jobs (crontab on Linux or scheduled tasks on Windows) that will run regularly and perform ingestion, consolidation, archival, and initiative tasks. This persistent scheduling is consistent with the skill purpose but is a meaningful level of system presence that the user should explicitly approve and review.