Skill v1.0.0
ClawScan security
persistent_user_memory · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 2, 2026, 9:08 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requests and instructions are internally consistent with its stated purpose (local persistent user memory); it reads/writes a local JSON file and does not require external credentials or installs, but its silent read/write behavior has privacy implications users should consider.
- Guidance: This skill appears to do what it says: maintain a local JSON memory and consult it automatically. Before installing, be aware that it will silently read ~/.openclaw/memory/user_profile.json before significant actions and update it after learning — that can surprise users on shared machines or when you expect explicit confirmation. Verify you trust the skill source (no homepage provided), inspect SKILL.md yourself, consider restricting file permissions on ~/.openclaw/memory, decide whether you want silent writes or prefer prompts, and know you can remove the memory file (or ask the agent to 'forget everything') to revoke persistent data.
Review Dimensions
- Purpose & Capability (ok): Name/description (persistent local user memory) align with the instructions: the skill stores and consults a local JSON profile (~/.openclaw/memory/user_profile.json) and updates it over time. There are no unrelated credential or binary requirements.
- Instruction Scope (note): SKILL.md instructs the agent to silently load the profile before every significant action and silently write updates after learning. These behaviors are coherent with the purpose but grant the skill broad automatic access to user data on disk and allow automatic modifications without explicit per-write user confirmation, which is a privacy/consent concern even though operations stay local and sensitive data storage is explicitly disallowed.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files; nothing will be downloaded or executed during install. This is low-risk from an installation perspective.
- Credentials (ok): The skill requires no environment variables, credentials, or external config paths beyond a local profile file. The declared scope (local filesystem) matches what's needed to implement long-term memory.
- Persistence & Privilege (note): The skill persists a file in the user's home directory and instructs the agent to 'never delete' it unless the user requests. 'always' is false and the skill does not request system-wide or cross-skill config changes, but the persistent, silent read/write behavior increases the blast radius for privacy mistakes on shared machines.
