Skill v0.1.1
ClawScan security
Memos · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 22, 2026, 8:33 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The code implements the claimed Memos API functionality and requests the expected MEMOS_URL and MEMOS_TOKEN, but the registry metadata does not declare those required credentials (and the skill relies on the requests library without an install spec); this mismatch is concerning and should be resolved before trusting the skill.
- Guidance: This skill's code looks straightforward and implements the documented Memos API calls, but there are two practical issues to consider before installing:
  - Registry metadata mismatch: The skill actually requires MEMOS_URL and MEMOS_TOKEN (and will abort if they are not set), but the registry entry declares no required env vars. Treat that as a red flag; ask the publisher to correct the manifest so you know a secret is required.
  - Dependency: The script uses Python's 'requests' library but includes no install instructions. Ensure your environment has Python and requests installed before running.
  - Secrets: MEMOS_TOKEN is a secret. Only use a token for a Memos instance you trust, and do not paste the token into public places or into agents you do not fully trust. If you grant this skill a token, consider creating a scoped/revocable token and rotate it if you stop using the skill.
  - If you need stronger assurance: run the included memos.py yourself in an isolated environment, inspect network traffic to confirm it calls only your MEMOS_URL, and request that the author update the registry manifest to declare required env vars and dependencies.
Review Dimensions
- Purpose & Capability: concern
  - Name, description, SKILL.md, and memos.py are consistent in purpose: calling a Memos instance to create/get/delete/list memos. However, the registry metadata claims no required env vars or primary credential while both SKILL.md and the code require MEMOS_URL and MEMOS_TOKEN. That discrepancy is an incoherence between claimed requirements and actual behavior.
- Instruction Scope: ok
  - SKILL.md instructs only API operations (create/get/delete/list) against the Memos API and documents behavior (tagging, pagination, error handling). The runtime instructions and the code do not attempt to read other system files, unrelated environment variables, or external endpoints beyond the configured MEMOS_URL.
- Install Mechanism: note
  - There is no install spec (lower risk). The code depends on the Python 'requests' library but no dependency or install step is declared; this is an operational omission (not direct malware), and failures may occur on systems without requests installed.
- Credentials: concern
  - The only environment variables actually used (MEMOS_URL and MEMOS_TOKEN) are proportionate to the skill's purpose. However, the registry metadata incorrectly lists 'Required env vars: none' and 'Primary credential: none', which is misleading and could hide the need to provide a secret token; that mismatch should be corrected and disclosed to users.
- Persistence & Privilege: ok
  - The skill does not request elevated persistence. Flags are default (always: false, agent invocation allowed). It does not modify other skills or system-wide settings.
