Skillv0.8.5

ClawScan security

Neolata Memory Engine · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 26, 2026, 12:58 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This is an instruction-only skill describing a Node.js memory library and its integration points; its requested capabilities and optional credentials are consistent with a memory engine, but you should verify the upstream npm package/repo before installing and be cautious when enabling remote backends or webhooks.
Guidance: This skill is instruction-only and describes a Node.js memory library; it appears coherent, but follow these steps before installing or enabling remote features: - Inspect the upstream package/repo before npm install: run `npm view ... scripts` / `npm view ... dependencies` and `npm pack --dry-run`, and review the repository source referenced in SKILL.md. The SKILL.md and registry metadata show small mismatches (version and homepage) — confirm you're installing the intended release. - Start in memory mode (`storage.type='memory'`) or local JSON to evaluate behavior before enabling persistence or networked backends. - Never supply a Supabase service key to a client agent; prefer anon/public keys with RLS as the docs recommend. - Treat webhookWritethrough and any configured remote embedding/LLM providers as explicit exfiltration surfaces — only point them at endpoints you control and trust. - If you depend on the OpenClaw gateway, provide OPENCLAW_GATEWAY_TOKEN securely; otherwise avoid configuring remote LLMs/embeddings. If you want higher assurance, request the exact npm tarball URL or a commit hash from the publisher so you (or an auditor) can verify the installed code matches the documentation.

Review Dimensions

Purpose & Capability: noteThe skill's name/description (graph-native memory engine) matches the SKILL.md and reference docs: methods, storage backends, embedding/LLM integration, and runtime helpers are all memory-related. Minor metadata inconsistencies exist: SKILL.md frontmatter lists version 0.8.4 while the registry shows 0.8.5, and registry metadata lists no homepage/source while SKILL.md points to a GitHub repo. These are administrative mismatches but do not change the stated purpose.
Instruction Scope: noteInstructions are focused on memory operations (store/search/context/decay/etc.). They explicitly document when data is sent off-host (embeddings, LLM extraction, Supabase storage, webhook writethrough) and provide safety guidance (SSRF guards, use memory mode, prefer anon keys + RLS). Runtime helpers (heartbeatStore, preCompactionDump) do instruct the host to extract key moments from conversation text — expected for a memory engine but worth noting since they cause the agent to collect conversation content.
Install Mechanism: okNo install spec is included in the skill bundle (instruction-only), so nothing is written/executed by the platform. The SKILL.md recommends an npm package (@jeremiaheth/neolata-mem) hosted on GitHub; installing that package is a user action outside this skill. The author recommends verifying the tarball and notes zero runtime deps, which is prudent. Because the skill does not itself download/run code, install risk is low, but installing the referenced npm package carries the usual supply-chain risk and should be audited.
Credentials: noteThe registry lists no required env vars; SKILL.md documents optional envs (OPENAI_API_KEY, OPENCLAW_GATEWAY_TOKEN, NVIDIA_API_KEY, AZURE_API_KEY, SUPABASE_URL, SUPABASE_KEY) and states that only OPENAI_API_KEY and OPENCLAW_GATEWAY_TOKEN are read directly by code by default. These optional credentials align with the described features (embeddings, LLM gateway, Supabase). The presence of supabase keys and webhook URLs is an explicit exfiltration/privilege surface if configured — the docs themselves warn about preferring anon keys with RLS and not using service keys in clients.
Persistence & Privilege: okalways:false and no install scripts in this bundle. The skill does not request persistent platform privileges. It documents local JSON storage by default and an in-memory test mode; persistent or networked storage only occurs if you explicitly configure Supabase, embeddings, LLMs, or webhooks. Autonomous invocation is allowed by default (platform normal) but the skill does not request elevated or always-on privileges.