v1.0.3

Daydreamer

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 7:58 AM.

Analysis

Daydreamer is purpose-aligned, but it should be reviewed because it can copy prior Claude Code session logs into persistent memory files and reuse them during scheduled daydreams.

Guidance

Before installing, decide whether you are comfortable with prior Claude Code session logs being read and summarized into Daydreams.MD. If you use it, set a narrow DAYDREAM_WORKSPACE, review and redact generated memories, avoid storing secrets in memories, and disable or limit scheduled daydreams unless you actively want recurring runs.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Rogue Agents
Severity: Low | Confidence: High | Status: Note
SKILL.md
Automated sessions will run on the configured schedule.

Scheduled operation is disclosed and user-configured, but it means the skill may continue creating logs, memories, and ideas after setup.

User impact: The skill may run recurring daydream sessions and update persistent files according to the configured schedule.
Recommendation: Keep the schedule disabled or conservative unless you want recurring memory-based activity, and periodically review the generated files.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
tools: Read, Write, Edit, Bash, WebSearch

These tools are consistent with the stated daydreaming workflow, but they allow local file reading/writing, command execution of the bundled script, and web searches.

User impact: The skill can modify workspace files, run local Python commands, and perform web searches as part of normal operation.
Recommendation: Use it only in a workspace where these file writes are acceptable, and keep command execution limited to the documented daydream.py commands.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
metadata
Required binaries (all must exist): none ... No install spec — this is an instruction-only skill.

The registry metadata under-declares the runtime expectations because SKILL.md requires Python 3.8+ and instructs running the bundled daydream.py script.

User impact: Installation expectations may be less clear than the registry metadata suggests.
Recommendation: Verify the bundled script and Python requirement before installing, and prefer metadata that accurately declares local runtime dependencies.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: High | Confidence: High | Status: Concern
SKILL.md
The script outputs a list of Claude Code session log files ... Read each file and extract meaningful events ... Write each event as a memory (aim for 50 total)

This directs the agent to read prior local session logs and persist selected content into Daydreams.MD for future reuse, without clear file-scope limits, redaction guidance, or explicit approval for harvesting old logs.

User impact: Private details from previous coding sessions could be copied into a persistent memory log and later resurfaced or used in automated daydreams.
Recommendation: Require an explicit opt-in before reading session logs, show the exact files to be read, let the user review or redact proposed memories, and define retention and exclusion rules.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Each cycle's prompt contains the full accumulated context from every previous cycle.

The skill intentionally carries forward all accumulated context between cycles; if stored memories or prior responses contain sensitive content or bad instructions, they can keep influencing later agent behavior.

User impact: A sensitive or misleading memory can persist across the session and shape future outputs.
Recommendation: Treat memories and prior cycle text as untrusted reference data, not instructions; add filtering, summarization, and user review before carrying context forward.