Focalpoint Memory
Security checks across static analysis, malware telemetry, and agentic risk
Overview
FocalPoint is a coherent memory/task-management skill, but it needs review because it advertises persistent agent memory and automatic GitHub/Notion syncing while also claiming “no cloud” and not clearly documenting account or sync scope.
Before installing, verify the focalpoint package source and version, locate where its SQLite/events/narratives/knowledge files are stored, and only enable GitHub or Notion sync with minimal scoped credentials after confirming whether it reads, writes, or automatically transfers project data.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Impact: A user may install it expecting purely local operation while later enabling or receiving automatic sync behavior involving GitHub or Notion content.
Finding: The artifact simultaneously advertises cloud-service syncing and a no-cloud/local-only posture, which could cause users to underestimate external data movement or account integration risk.
Evidence: "GitHub + Notion sync — Issues and pages auto-sync as FocalPoint nodes" and "Runs 100% locally on SQLite. No vector DB, no Redis, no cloud."
Recommendation: Clarify whether GitHub/Notion sync is optional, exactly what data is read or written, what cloud services receive data, and avoid broad “no cloud” wording unless sync is disabled.

Impact: If configured broadly, the skill could access or modify sensitive workspace/project data beyond what the user intended.
Finding: Syncing GitHub issues and Notion pages implies delegated access to external accounts, but the artifact does not describe credential type, permission scopes, read-only versus write behavior, or user approval boundaries for sync.
Evidence: "GitHub + Notion sync — Issues and pages auto-sync as FocalPoint nodes"
Recommendation: Document the authentication method, minimum required scopes, read/write permissions, per-workspace/project limits, and how users can approve, pause, or revoke sync.

Impact: The package may perform additional behavior not visible in this instruction-only review.
Finding: The actual runtime is installed from an external package that creates the MCP server binary, while the provided manifest contains only SKILL.md, so the reviewed artifacts do not include the executable implementation.
Evidence: uv | package: focalpoint | creates binaries: focalpoint
Recommendation: Review the focalpoint package source, pin the intended version, and verify the installed binary before using it with sensitive projects.

Impact: Incorrect or sensitive saved knowledge could influence future agent decisions without being re-explained by the user.
Finding: The skill intentionally stores project knowledge and reinjects it into future agent context; this is central to the product, but persistent knowledge can also carry stale, sensitive, or misleading instructions into later tasks.
Evidence: "Assemble L0/L1/L2 -> Trim -> Inject prompt" and "Child tasks inherit parent knowledge automatically"
Recommendation: Keep stored knowledge scoped to specific projects, review inherited context periodically, and provide clear commands to inspect, edit, and delete saved memory.

Impact: The tool may continue monitoring task state or producing alerts beyond a single requested interaction.
Finding: The skill advertises automatic heartbeat-style monitoring. This appears purpose-aligned, but the shown artifact does not explain when it runs, how alerts are delivered, or how users stop/disable it.
Evidence: "Proactive alerts — Heartbeat detects blocked, stale, and at-risk tasks automatically"
Recommendation: Document startup behavior, scheduling, notification channels, and a clear way to disable heartbeat/proactive alerts.
