Skill v1.5.5

ClawScan security

Smart Memory · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 9, 2026, 8:20 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's files and runtime instructions are coherent with its stated purpose (organizing agent memory) and do not request secrets or external installs, though it requires filesystem access and some orchestration conventions to be present.
Guidance
This skill appears to do what it says: reorganize agent memory into structured files and keep them trimmed. Before installing, note that it requires the agent (or user) to have filesystem write permissions in your project workspace and the ability to create scheduled cleanup tasks (cron/heartbeat). The included safe-trim.py will read and overwrite .jsonl session files and create a .bak backup — review the script and run it on copies or in a safe environment first to ensure it targets the correct paths and won't trim live sessions. Clarify how your orchestrator implements 'sessions_send' and 'Sub-Agent-Output-Channel' so summaries and backups won't be misapplied. Because the skill does not request credentials or remote downloads, the risk is low; nevertheless, verify filesystem permissions and backups before enabling automated cron/heartbeat actions.
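The guidance above recommends reviewing the bundled trim script and running it on copies before any cron/heartbeat task touches real sessions. The following is an added example, not the skill's own safe-trim.py, of the guards a practitioner would want such a script to have before trusting it with live .jsonl session files: it refuses paths that resolve outside the workspace root, skips files modified within a quiet window (a crude "is this session still live?" check), drops lines that are not valid JSON, writes a .bak copy before replacing anything, and replaces the file atomically. The workspace it trims is constructed in a temporary directory, and the 300-second quiet window and the `keep_last` record count are assumptions chosen for the demonstration.

```python
"""Added example (not the skill's safe-trim.py): a guarded JSON-lines trim
you can dry-run on a copy before letting a scheduled task run it for real."""
import json
import os
import shutil
import tempfile
import time
from pathlib import Path
from typing import Optional


def is_within(path: Path, root: Path) -> bool:
    """True if `path` resolves inside `root` (blocks symlink and '..' escapes)."""
    try:
        path.resolve().relative_to(root.resolve())
        return True
    except ValueError:
        return False


def looks_live(path: Path, quiet_seconds: float, now: Optional[float] = None) -> bool:
    """Treat a file modified within `quiet_seconds` as a live session and skip it."""
    now = time.time() if now is None else now
    return (now - path.stat().st_mtime) < quiet_seconds


def trim_jsonl(path: Path, keep_last: int, root: Path, quiet_seconds: float = 300,
               dry_run: bool = True, now: Optional[float] = None) -> dict:
    """Keep the last `keep_last` valid JSON records of `path`, with guards.

    Returns a small report dict; nothing is written when dry_run is True."""
    if not is_within(path, root):
        return {"file": str(path), "action": "refused", "reason": "outside workspace"}
    if looks_live(path, quiet_seconds, now):
        return {"file": str(path), "action": "skipped", "reason": "recently modified"}
    lines = path.read_text(encoding="utf-8").splitlines()
    valid, invalid = [], 0
    for line in lines:
        if not line.strip():
            continue
        try:
            json.loads(line)
            valid.append(line)
        except json.JSONDecodeError:
            invalid += 1  # corrupt or partial record: never carried forward
    kept = valid[-keep_last:] if keep_last > 0 else []
    report = {"file": str(path), "before": len(lines), "after": len(kept), "invalid": invalid}
    if len(kept) == len(lines):
        report["action"] = "unchanged"
        return report
    if dry_run:
        report["action"] = "dry-run"
        return report
    backup = path.with_name(path.name + ".bak")  # keep a full copy first
    shutil.copy2(path, backup)
    fd, tmp_name = tempfile.mkstemp(dir=path.parent, prefix=path.name, suffix=".tmp")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write("\n".join(kept) + ("\n" if kept else ""))
    os.replace(tmp_name, path)  # atomic: readers see old or new file, never a half-written one
    report.update({"action": "trimmed", "backup": str(backup)})
    return report


def demo() -> dict:
    """Exercise the guards against a constructed workspace in a temp dir."""
    root = Path(tempfile.mkdtemp(prefix="ws-"))
    sessions = root / "sessions"
    sessions.mkdir()
    an_hour_ago = time.time() - 3600
    rows = [json.dumps({"seq": i, "role": "user" if i % 2 else "assistant"}) for i in range(12)]
    # A finished session: 12 valid records with one corrupt line in the middle (constructed).
    idle = sessions / "idle.jsonl"
    idle.write_text("\n".join(rows[:6] + ["{not json"] + rows[6:]) + "\n", encoding="utf-8")
    os.utime(idle, (an_hour_ago, an_hour_ago))
    # A session still being appended to: mtime is now, so the trim must skip it.
    live = sessions / "live.jsonl"
    live.write_text("\n".join(rows[:3]) + "\n", encoding="utf-8")
    # A file outside the workspace: a scheduled job should never touch it.
    outside = Path(tempfile.mkdtemp(prefix="elsewhere-")) / "other.jsonl"
    outside.write_text(rows[0] + "\n", encoding="utf-8")
    os.utime(outside, (an_hour_ago, an_hour_ago))
    out = {
        "dry": trim_jsonl(idle, keep_last=5, root=root, dry_run=True),
        "real": trim_jsonl(idle, keep_last=5, root=root, dry_run=False),
        "live": trim_jsonl(live, keep_last=5, root=root, dry_run=False),
        "outside": trim_jsonl(outside, keep_last=5, root=root, dry_run=False),
    }
    out["kept_seqs"] = [json.loads(l)["seq"] for l in idle.read_text(encoding="utf-8").splitlines()]
    out["backup_lines"] = len(idle.with_name("idle.jsonl.bak").read_text(encoding="utf-8").splitlines())
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Run it once with `dry_run=True` against a copy of your sessions directory and read the reports before switching the flag; the "refused" and "skipped" outcomes are the ones to look for when checking that the real script's path handling and live-session detection behave the same way.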

Review Dimensions

Purpose & Capability
ok
The name/description (5-layer memory architecture) matches the SKILL.md and included templates/tools: instructions focus on restructuring MEMORY.md, creating memory/ folders, adding heartbeats/cron rules, and a small safe-trim.py to manage session files. Nothing required (env vars, binaries) is unrelated to the stated purpose.
Instruction Scope
note
Instructions legitimately direct the agent to read and write local memory files (MEMORY.md, memory/active-context.md, memory/projects/*/CONTEXT.md, AGENTS.md, HEARTBEAT.md, daily logs) and to set up scheduled cleanup tasks. A few items are underspecified (e.g., 'sessions_send(...)', 'read last Sub-Agent-Output-Channel') which assume an existing orchestrator/output-channel convention; this is not malicious but should be clarified before use. The guidance to update CONTEXT.md 'immediately in the same response' and automated trimming/backups implies the agent must have write access to the workspace and permission to create cron tasks or scheduled jobs.
Install Mechanism
ok
No install spec or external downloads. The only code file is tools/safe-trim.py (included in the bundle). There are no remote URLs or archive extraction steps; risk from the install mechanism is minimal.
Credentials
ok
The skill declares no required environment variables, credentials, or config paths. The operations are file- and schedule-centric, so no additional secrets or cloud credentials are requested; this is proportionate to the described functionality.
Persistence & Privilege
ok
The always flag is false and the skill is user-invocable; it does not request permanent platform-wide privileges. It instructs the agent to write/modify local project files and set up cron/heartbeat tasks (expected for a memory-management skill) but does not modify other skills' configs or request cross-skill credentials.