Skill v2.0.0

ClawScan security

Memory Manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 16, 2026, 8:16 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's stated purpose and instructions are plausible for managing OpenClaw memory, but SKILL.md repeatedly references PowerShell scripts that are not bundled. The skill's actual behavior is therefore unknown, and it is unsafe to run until those scripts have been obtained and inspected.
Guidance
This SKILL.md describes safe rules and PowerShell scripts for managing your OpenClaw memory, but the scripts themselves are not bundled. Do NOT run these commands until you either (a) inspect the scripts that live in your workspace (scripts/check.ps1, snapshot.ps1, doctor.ps1, review.ps1, search.ps1, archive.ps1) or (b) ask the skill author to provide the script sources for review. If you do plan to run them: confirm pwsh (PowerShell) is available, make a manual backup of MEMORY.md and your memory/ folder first, and run the scripts in a sandbox or with dry-run flags if they provide them. If you cannot inspect the scripts, treat running them as risky: despite the stated rules, they could modify or exfiltrate memory files.

Review Dimensions

Purpose & Capability
note: The name and description match the actions described (snapshots, health checks, archiving). The skill requests no unrelated credentials or installs, which is proportionate. However, it claims a resource layout of several scripts (check.ps1, snapshot.ps1, doctor.ps1, review.ps1, search.ps1, archive.ps1) while the bundle contains no script files at all. The author should explain this mismatch; they may expect the scripts to already live in the user's workspace.
Instruction Scope
concern: Runtime instructions direct the agent (and the user) to run pwsh -File scripts/*.ps1, which will read and modify workspace memory files (MEMORY.md and memory/YYYY-MM-DD.md). That is reasonable for a memory manager, but because the scripts are not included there is no way to audit what they do; they could overwrite or exfiltrate data contrary to the stated 'core rules'. SKILL.md states safe rules (do not overwrite MEMORY.md), but those rules cannot be verified, let alone enforced, without seeing the scripts. The instructions also assume an 'openclaw memory search' command is available, a dependency the skill declares only through its examples.
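A pwsh pre-flight that performs the checks the Guidance above and this dimension call for: confirm the referenced scripts exist, record their hashes, grep them for primitives that could exfiltrate data or overwrite MEMORY.md, and back up MEMORY.md and memory/ before anything runs. This is an added example, not code from the ClawHub review, the skill, or OpenClaw. It assumes it is run from the OpenClaw workspace root, that the six script names are exactly those SKILL.md lists, and that the regex lists are an illustrative set of network, dynamic-execution and overwrite primitives rather than a complete catalogue of dangerous PowerShell.

```powershell
#Requires -Version 7
# Added pre-flight example (not from the ClawHub review, the skill, or OpenClaw).
# Assumes: run from the OpenClaw workspace root; the six script names are those
# listed in SKILL.md; the regex lists are illustrative, not a complete catalogue
# of dangerous PowerShell.
[CmdletBinding()]
param(
    [string]$Workspace  = (Get-Location).Path,
    [string]$BackupRoot = (Join-Path $Workspace 'backups')
)
$ErrorActionPreference = 'Stop'

$expected   = 'check.ps1', 'snapshot.ps1', 'doctor.ps1', 'review.ps1', 'search.ps1', 'archive.ps1'
$scriptsDir = Join-Path $Workspace 'scripts'

# 1. Are the scripts SKILL.md references actually present? The bundle ships none,
#    so anything missing here means the skill cannot run as documented.
$missing = $expected | Where-Object { -not (Test-Path (Join-Path $scriptsDir $_)) }
if ($missing) {
    Write-Warning ('Referenced scripts not found in {0}: {1}' -f $scriptsDir, ($missing -join ', '))
}
$present = $expected | Where-Object { Test-Path (Join-Path $scriptsDir $_) } |
           ForEach-Object { Join-Path $scriptsDir $_ }
if (-not $present) {
    Write-Warning 'Nothing to audit; do not run the skill until the scripts are obtained and reviewed.'
    return
}

# 2. Pin what was reviewed: the hashes let you detect a script changing after review.
Get-FileHash -Path $present -Algorithm SHA256 |
    Select-Object @{ n = 'Script'; e = { Split-Path $_.Path -Leaf } }, Hash |
    Format-Table -AutoSize

# 3. Static triage. A hit is a line to read, not proof of malice; silence is not
#    proof of safety either, so still read each script end to end.
$patterns = [ordered]@{
    'network'   = 'Invoke-WebRequest|Invoke-RestMethod|Net\.WebClient|Net\.Sockets|Net\.Http|Send-MailMessage|\bcurl\b|\bwget\b'
    'dynamic'   = 'Invoke-Expression|\biex\b|Start-Process|Add-Type|-EncodedCommand|FromBase64String|DownloadString'
    # The core rules forbid overwriting MEMORY.md; appending with Add-Content is not flagged.
    'overwrite' = '(Set-Content|Out-File|Clear-Content|Remove-Item|Move-Item|Rename-Item|>).*MEMORY\.md'
}
foreach ($file in $present) {
    foreach ($p in $patterns.GetEnumerator()) {
        Select-String -Path $file -Pattern $p.Value | ForEach-Object {
            '[{0}] {1}:{2}: {3}' -f $p.Key, (Split-Path $file -Leaf), $_.LineNumber, $_.Line.Trim()
        }
    }
}

# 4. Back up MEMORY.md and memory/ before any script is allowed to touch them.
$dest = Join-Path $BackupRoot (Get-Date -Format 'yyyyMMdd-HHmmss')
New-Item -ItemType Directory -Path $dest -Force | Out-Null
foreach ($item in 'MEMORY.md', 'memory') {
    $src = Join-Path $Workspace $item
    if (Test-Path $src) { Copy-Item -Path $src -Destination $dest -Recurse -Force }
}
Write-Host "Backup written to $dest. Read every hit above, then run the scripts only in a sandbox or with a dry-run flag if they provide one."
```

Save it under a name of your choosing (say preflight.ps1, a hypothetical name) and invoke it with pwsh -File preflight.ps1 from the workspace root. The overwrite pattern deliberately leaves Add-Content alone because appending to MEMORY.md is consistent with the stated rule; everything else that can replace, truncate or move the file is surfaced for a human to read.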
Install Mechanism
ok: No install spec and no code files are provided, so an installer writes nothing to disk. This minimizes supply-chain risk from the bundle itself, though the same exposure moves to whatever places scripts/*.ps1 in the workspace. The only implied runtime dependency is PowerShell (pwsh), which the examples invoke and which SKILL.md notes is intentionally PowerShell-first for portability.
Credentials
ok: The skill requests no environment variables, credentials, or config paths. That is appropriate for a local memory-maintenance workflow and reduces the risk of secret exfiltration from the skill bundle itself.
Persistence & Privilege
ok: The always flag is false and model invocation is allowed by default (normal). The skill requests no elevated or persistent platform privileges. The primary risk comes from executing external scripts in the workspace, not from the skill holding persistent privileges.