Skillv1.0.0

ClawScan security

Persistent Agent Memory 1.0.1 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 15, 2026, 11:39 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's purpose (persistent memory via Coral Bricks) is plausible and the requested API key is expected, but there are multiple mismatches and missing pieces (referenced scripts not included, metadata inconsistencies, and an undeclared environment variable) that make the package internally inconsistent.
Guidance: This skill appears to implement persistent memory via the Coral Bricks API and asking for CORAL_API_KEY is expected. However: (1) the SKILL.md references helper scripts (scripts/coral_store, coral_retrieve, coral_delete_matching) that are not included — ask the publisher for the scripts or concrete curl/python examples so you know exactly what will be sent to the Coral endpoint; (2) the _meta.json ownerId and the registry owner ID/version differ — verify the publisher identity and version integrity before trusting credentials; (3) SKILL.md references CORAL_API_URL but that env var is not declared in metadata — confirm the endpoint you will be sending data to; (4) review Coral Bricks' privacy policy and test with non-sensitive data first. If you cannot obtain the missing scripts or a clear example of the API calls this skill will make, avoid installing or handing over your CORAL_API_KEY.

Review Dimensions

Purpose & Capability: noteThe declared purpose (store/retrieve agent memory using Coral Bricks) aligns with requiring a CORAL_API_KEY and network-capable binaries (curl/python3). However the SKILL.md consistently references local helper scripts (scripts/coral_store, scripts/coral_retrieve, scripts/coral_delete_matching) even though this is an instruction-only skill with no script files or install spec. That mismatch makes it unclear how the agent is expected to perform the described operations.
Instruction Scope: concernThe runtime instructions direct the agent to run local scripts under scripts/ to call the Coral API, but no scripts or code are included. The SKILL.md also references an optional CORAL_API_URL environment variable that is not declared in the skill metadata. Aside from sending data to the coralbricks.ai endpoint (expected for the feature), the instructions do not ask the agent to read unrelated system files or other credentials.
Install Mechanism: okThis is instruction-only with no install spec and no code written to disk, which is the lowest-risk install posture. Required binaries are standard (curl, python3). Because nothing is downloaded or extracted as part of install, there's no additional install risk from the provided manifest.
Credentials: noteOnly a single primary credential (CORAL_API_KEY) is required, which is proportionate to the declared purpose. However SKILL.md mentions an optional CORAL_API_URL env var that is not listed under requires.env, and the skill instructs exporting CORAL_API_KEY locally — the missing declaration of CORAL_API_URL is a minor inconsistency to be aware of.
Persistence & Privilege: okThe skill does not request always:true and does not claim elevated platform privileges. Autonomous invocation is enabled (default) which is typical for skills. No instructions attempt to modify other skills or system-wide agent settings.