Skill v2.2.3

ClawScan security

Clever Compact · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 16, 2026, 11:54 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code and runtime instructions align with its stated purpose: it writes and later restores local plaintext state files to reduce compaction loss; it does not ask for external credentials or network access and its filesystem usage matches the documented behavior.
Guidance
This plugin appears to do what it says: it saves and restores local plaintext state files to reduce memory loss across sessions. Before installing, review where files will be written (~/.openclaw/workspace/memory by default or OPENCLAW_WORKSPACE if set) and periodically inspect/delete memory/compact-state-*.md files to ensure no secrets were captured. Audit any cron/heartbeat/automation that will call api.fn("clever-compact:write") so it doesn't write credentials or other sensitive values. If you use this in a shared environment or backed-up workspace, consider tightening retention (maxStateAgeHours) and access controls on the memory directory.

Review Dimensions

Purpose & Capability
ok: Name/description, SKILL.md, index.ts, and manifest are consistent: the plugin reads/writes state files in a local memory/ directory and injects the most-recent file at session start. All required capabilities (filesystem access in workspace) are proportionate to the stated goal.
Instruction Scope
ok: Runtime instructions limit actions to writing a Markdown state file and injecting it once at session start. The SKILL.md explicitly warns not to include secrets and documents trigger mechanisms (manual, cron, heartbeat, api.fn). No instructions attempt to read other system configuration or transmit files externally.
Install Mechanism
ok: No remote install/downloads or third-party registries are used; installation is local (copy folder or openclaw plugins install from local path) and the plugin consists of the included files. This is low-risk and expected for an OpenClaw extension.
Credentials
note: The plugin reads OPENCLAW_WORKSPACE and HOME to locate the workspace and creates files under memory/. It does not request secrets or external credentials. Note: state files are plaintext and may capture sensitive data if the agent/automation includes it; the docs warn about this, but filesystem writes are inherently sensitive and should be audited.
Persistence & Privilege
note: The skill does not set always:true and doesn't modify other skills. It exposes api.fn("clever-compact:write") so other tools/automations can programmatically trigger state writes; this is intentional and useful, but any automation that calls that function should be audited so it doesn't cause unexpected captures of sensitive context.