Skill v1.0.5

ClawScan security

memory-compact · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Mar 15, 2026, 11:26 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill largely matches its stated purpose (local daily memory backup and key-point extraction) but contains inconsistencies between its documentation/claims and the actual code (notably use of subprocess, missing notification/logging implementation, and inaccurate safety claims), so review before installing.
Guidance
This skill appears to implement local backup and simple key-point extraction as advertised, but there are mismatches between its documentation and code. Before installing or enabling it:
1) Review wrapper.py's use of subprocess.run. If you prefer no subprocess usage, consider replacing the wrapper with a direct import and call to memory_backup.main(), or run memory_backup.py directly.
2) Verify that no network/networking code exists (the shipped code is local-only) and ensure your environment policy prevents unexpected network egress.
3) Be aware that the README/SKILL.md mention logs and a Feishu notification file that are not implemented; if you rely on those features, update the code.
4) Test the script in an isolated environment (container or VM) with representative workspace files and check that backups and MEMORY.md are written only under ~/.openclaw/workspace.
5) If you need stronger guarantees, run static analysis or have someone audit the code. If anything seems unclear (why subprocess is used, where notifications/logs should be), ask the author for clarification or correct the wrapper to avoid subprocess usage.
Findings
[SUBPROCESS_USAGE] unexpected: wrapper.py uses subprocess.run to invoke the bundled Python script. It's not inherently malicious, but SKILL.md and the README explicitly claim 'no system commands/subprocess', so the presence of subprocess is an inconsistency that should be clarified.
[MISSING_NOTIFICATION_OR_LOG_IMPLEMENTATION] unexpected: Documentation and SKILL.md state a Feishu notification file is generated and reference a log file path, but memory_backup.py contains no code that writes a separate notification file or the referenced log; this mismatch may be accidental or indicate stale/incorrect docs.

Review Dimensions

Purpose & Capability
note: Name/description, required binary (python3), and included scripts align with a local backup/key-point extraction tool. The files operate on ~/.openclaw/workspace, which is appropriate for the stated purpose. Minor mismatch: README/SKILL.md claim the skill 'generates Feishu notification' and writes logs, but the code does not implement a network notification; it only prints output to stdout.
Instruction Scope
concern: SKILL.md and README repeatedly claim 'no subprocess/system commands' and 'no network requests', but wrapper.py uses subprocess.run to invoke the Python script (this is a system call). The documentation references a log file path (/root/.openclaw/workspace/scripts/memory_backup.log) and generation of a Feishu notification file, yet memory_backup.py does not write a notification file or a log to that path. These inconsistencies broaden the agent's allowed behavior compared to what is promised in the docs.
Install Mechanism
ok: No install spec; code is shipped with the skill and requires only python3. No downloads or archives are fetched at install time, which is low-risk.
Credentials
ok: The skill requests no environment variables or external credentials. File operations are confined to a single workspace path (~/.openclaw/workspace). This is proportionate to the stated function.
Persistence & Privilege
ok: always is false, and the skill does not request persistent elevated privileges or modify other skill configurations. It is user-invocable and can be scheduled externally via cron; that is appropriate for a scheduled backup utility.