Skillv1.0.0

ClawScan security

Enhanced Memory · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 11, 2026, 9:35 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's code and instructions align with its stated purpose (local hybrid memory search using a local Ollama embedding model); it does not request unrelated credentials or remote endpoints, but it will read and index workspace markdown and logs so you should control what lives in the memory/ workspace and where embeddings are sent.
Guidance: This skill appears to do what it says — locally index and search Markdown memories using Ollama embeddings — but review the following before installing or running: 1) Inspect the files under memory/ and the listed core files (MEMORY.md, USER.md, AGENTS.md, SOUL.md, research.md) and remove or relocate any sensitive content you don't want embedded. 2) Ensure OLLAMA_URL is the local Ollama instance (default http://localhost:11434). Do not point OLLAMA_URL to an untrusted remote server because the skill will send your memory text to that endpoint. 3) The scripts read access_log.json and query_log.json; if these logs contain sensitive queries, expect them to be used for salience scoring. 4) The tool writes memory/vectors.json and memory/crossrefs.json — treat these files as sensitive (they contain embeddings and references) and protect them accordingly. 5) Run the scripts in an isolated or non-production workspace if you are unsure. If you want tighter scope, set MEMORY_DIR to a directory containing only the content you consent to index.

Review Dimensions

Purpose & Capability: okName/description (enhanced memory search using embeddings + keyword/filepath/temporal signals) match the provided scripts: embedding, search, cross-referencing, and salience scoring. Required resources (Ollama embeddings, local memory/ .md files, vectors.json) are coherent with the stated purpose.
Instruction Scope: noteSKILL.md and scripts instruct the agent to index all .md files under memory/ plus several core workspace files (MEMORY.md, AGENTS.md, USER.md, SOUL.md, research.md) and to read access_log.json and query_log.json for salience scoring. This is within scope for a memory tool, but it means the skill will read any Markdown in the workspace (including potentially sensitive files and search logs).
Install Mechanism: okNo install spec; instruction-only with bundled Python scripts. No external binary downloads or archived install actions are performed by the skill. The SKILL.md suggests installing Ollama and pulling the model, which is appropriate and expected.
Credentials: noteThe scripts do not require secrets or credentials. They use environment overrides (MEMORY_DIR, OLLAMA_URL, EMBED_MODEL) which is reasonable. Important risk: embeddings and text are sent to the configured OLLAMA_URL — by default this is http://localhost:11434/api/embed (local Ollama), but if OLLAMA_URL is set to a remote endpoint it would transmit your memory contents to that host. Also, because the tool indexes workspace files and logs, it could expose PII or sensitive content if those files exist.
Persistence & Privilege: okThe skill is not always-enabled and does not modify other skills or system-wide configs. It writes vectors.json and crossrefs.json into the memory directory (expected for indexing). No elevated privileges or persistent background processes are requested.