Skill v1.0.0

ClawScan security

Enhanced Memory · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 25, 2026, 10:55 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's purpose and the included scripts generally match, but there are notable inconsistencies (hard-coded absolute paths vs. relative paths, file-delete behavior despite “never delete” claims) and filesystem-access implications you should resolve before installing.
Guidance
This skill is coherent with its stated goal, but review and adapt before installing:
1) Fix the MEMORY path mismatch: memory_lifecycle_manager.py and memory_retrieval_strategy.py use /home/clawdbot/.openclaw/workspace/memory, while memory_tag_search.py looks in a relative scripts/memory directory. Decide which path is correct and update all scripts to the same, configurable location.
2) Verify the permissions and owner of the chosen memory directory. These scripts will read, copy, and remove (unlink) files in that directory; run them in a safe/test workspace first.
3) Note that the lifecycle script copies files to archived/ and then deletes the original from the active directories, so the active copies are removed. If you truly need originals preserved in place, change that behavior.
4) Search the code for any absolute paths or name lists you don't expect (the retrieval regexes include many personal-name patterns) and adjust them.
5) Run the scripts locally in a sandbox, or with a backup of your memory files, before enabling cron or other automated runs.
If you want a more confident recommendation, provide the host environment layout (where your agent stores memory) so I can check exact path compatibility, along with a short sample of your memory directory structure.

Review Dimensions

Purpose & Capability
ok
Name/description match the code: all scripts implement filesystem-based memory organization, tag search, retrieval, and lifecycle management. No network calls, unrelated binaries, or credentials are requested.
Instruction Scope
concern
SKILL.md instructs the agent and operator to read, write, and manage a memory directory and to run the included scripts. The scripts access and modify files on disk (archive, copy, delete the original), which is expected, but the instructions are permissive about file locations and cron setup and do not tell users to verify or adapt the hard-coded paths.
Install Mechanism
ok
Instruction-only with bundled Python scripts (no external installs, no network downloads). Risk from installation itself is low; runtime reads and writes are the main surface.
Credentials
concern
No env vars or credentials are required (good), but two scripts use a hard-coded absolute path (MEMORY_BASE = /home/clawdbot/.openclaw/workspace/memory) while the tag search script uses a relative ./memory path next to the script. This inconsistency could cause the scripts to operate on different directories, or to unexpectedly access a host user's home directory.
Persistence & Privilege
note
The skill does not request always: true and does not modify other skills. However, it will read, copy, and remove files under the memory directory (file_path.unlink()), so it requires filesystem read/write/delete privilege over whatever memory path is used. That is normal for a memory manager, but you should confirm the path and permissions.
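The following is an added example of the pre-install review the Guidance items 1 to 4 and the Credentials and Persistence & Privilege findings above describe; it is not code from the Enhanced Memory skill or from ClawHub. It shows three things a reviewer would want in hand before enabling the scripts: an audit that flags hard-coded absolute paths and delete calls in a script's source, a single resolver that gives every script one configurable memory location (env var first, otherwise ./memory beside the script), and an archive routine that verifies the copy before it unlinks anything and refuses paths outside the memory directory. The environment variable name CLAWDBOT_MEMORY_BASE, the helper names, and the sample script text are all assumptions made for this example.

```python
"""Pre-install checks for a filesystem memory-manager skill (added example).

Assumptions, not taken from the skill: the variable name CLAWDBOT_MEMORY_BASE,
the helper names below, and the constructed SAMPLE_SCRIPT text.
"""
import re
import shutil
import tempfile
from pathlib import Path

# Constructed stand-in for a bundled script: a home-directory path plus a
# copy-then-unlink loop, the two things the scanner flagged.
SAMPLE_SCRIPT = '''
MEMORY_BASE = "/home/clawdbot/.openclaw/workspace/memory"
for file_path in Path(MEMORY_BASE).glob("*.md"):
    shutil.copy(file_path, archived_dir / file_path.name)
    file_path.unlink()
'''

# Quoted absolute paths under a home directory, and calls that remove files.
_ABS_PATH = re.compile(r"""["'](/home/[^"']+|/Users/[^"']+)["']""")
_DELETE_CALL = re.compile(r"\.unlink\(|os\.remove\(|shutil\.rmtree\(")


def audit_script(source: str) -> dict:
    """Report the hard-coded absolute paths and delete calls found in one script."""
    return {
        "absolute_paths": sorted(set(_ABS_PATH.findall(source))),
        "delete_calls": len(_DELETE_CALL.findall(source)),
    }


def resolve_memory_base(env: dict, script_dir: Path) -> Path:
    """One location for every script: the env var wins, else ./memory beside the script.

    Returning a resolved absolute path means the lifecycle, retrieval and
    tag-search scripts cannot silently operate on different directories.
    """
    configured = env.get("CLAWDBOT_MEMORY_BASE")  # hypothetical variable name
    base = Path(configured) if configured else script_dir / "memory"
    return base.expanduser().resolve()


def archive_memory_file(memory_base: Path, file_path: Path, *, keep_original: bool = True) -> Path:
    """Copy file_path into memory_base/archived and, only on request, remove the active copy.

    The original is unlinked only after the archived copy verifies byte-for-byte,
    and only if it lives inside memory_base, so a stray path can never delete
    something outside the memory directory.
    """
    memory_base = memory_base.resolve()
    file_path = file_path.resolve()
    if memory_base not in file_path.parents:
        raise ValueError(f"{file_path} is outside the memory directory {memory_base}")
    archived_dir = memory_base / "archived"
    archived_dir.mkdir(parents=True, exist_ok=True)
    target = archived_dir / file_path.name
    shutil.copy2(file_path, target)
    if target.read_bytes() != file_path.read_bytes():
        target.unlink()
        raise IOError(f"archive copy of {file_path.name} did not verify")
    if not keep_original:
        file_path.unlink()
    return target


def run_demo() -> dict:
    """Exercise the helpers on a constructed workspace inside a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        script_dir = Path(tmp) / "scripts"
        script_dir.mkdir()
        base = resolve_memory_base({}, script_dir)        # no env var: ./memory beside scripts
        (base / "active").mkdir(parents=True)
        note = base / "active" / "2026-02-25-notes.md"
        note.write_text("constructed memory note\n")
        archive_memory_file(base, note, keep_original=True)
        kept = note.exists()
        moved = archive_memory_file(base, note, keep_original=False)
        gone = not note.exists()
        try:
            archive_memory_file(base, Path(tmp) / "outside.txt", keep_original=False)
            rejected = False
        except ValueError:
            rejected = True
        return {
            "base_is_next_to_scripts": base == (script_dir / "memory").resolve(),
            "audit": audit_script(SAMPLE_SCRIPT),
            "kept_original": kept,
            "archived_name": moved.name,
            "removed_after_verify": gone,
            "outside_path_rejected": rejected,
        }


if __name__ == "__main__":
    print(run_demo())
```

Running the script prints the audit of the constructed sample (one home-directory path, one delete call) and confirms that archiving with keep_original=True leaves the active file in place, which is the behavior Guidance item 3 asks you to choose deliberately rather than inherit from the bundled lifecycle script.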