Skill v1.0.0
ClawScan security
Three Tier Memory · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 16, 2026, 7:03 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: Skill generally implements a three-tier memory manager that matches its description, but there are several inconsistencies in its instructions vs. code (config format, LLM integration), and the script reads/writes a workspace path via an undeclared WORKSPACE_DIR environment variable — review before installing.
- Guidance: This skill appears to implement the advertised three-tier memory system, but there are several mismatches between the documentation and the code you should review before installing: (1) The docs ask for a YAML config but the script uses a JSON config file; (2) The docs mention automatic summarization via LLMs, yet the script currently uses a local placeholder summary routine (no LLM network calls) — if you expect integrated LLM summaries you must inspect/modify code to provide the intended API hooks and ensure credentials are handled safely; (3) The script writes files into WORKSPACE_DIR (default /Users/scott/.openclaw/workspace) but the SKILL.md does not declare or highlight this environment variable — set WORKSPACE_DIR to an isolated directory or inspect the default path before running; (4) The long-term store uses chromadb if installed; installing third-party Python packages should be done in a virtualenv and reviewed. Recommendation: review the included scripts/memory_manager.py source yourself (or run it in an isolated environment), confirm where files will be written, and only enable LLM/network integrations after verifying how credentials would be provided and stored. If you need higher assurance, request a version that actually integrates with your intended LLM backend and documents required env vars and install steps.
Review Dimensions
- Purpose & Capability (note): The code implements short/medium/long-term memory (sliding-window JSON, summaries, and a local ChromaDB vector store) which matches the skill's stated purpose. Using a local vector DB (Chroma) and local files is reasonable for this purpose.
- Instruction Scope (concern): SKILL.md and references instruct running the included Python script and mention YAML config and external LLM models, but the script: (a) actually saves config as JSON (not YAML), (b) implements a placeholder local summarize function instead of calling an LLM, and (c) writes files to a workspace directory — these mismatches mean the runtime behavior may differ from user expectations. The SKILL.md also suggests using specific models (e.g., 'glm-4-flash', 'gpt-3.5-turbo') though the script does not perform real LLM calls.
- Install Mechanism (ok): No install spec is provided (instruction-only + included script). That is low-risk in terms of install mechanism because nothing is fetched during install; code is shipped with the skill.
- Credentials (note): The skill declares no required env vars, but the script reads WORKSPACE_DIR (defaulting to '/Users/scott/.openclaw/workspace') to determine where it writes memory files. This environment dependency is not documented in SKILL.md. No credentials or secret env vars are requested, which is proportionate.
- Persistence & Privilege (ok): The skill does not request always: true and does not modify other skills or system-wide settings. It persists data under a workspace directory (creates files and directories), which is expected behavior for a memory manager.
