Skill v1.0.4
ClawScan security
OpenClaw EverMemory Installer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 17, 2026, 5:51 AM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's scripts and instructions are consistent with an installer/publisher for the EverMemory plugin and companion skill; it performs expected operations (install, enable, bind slot, restart gateway, verify, and publish) and does not contain signs of exfiltration or unrelated capabilities.
- Guidance: This skill appears to do what it says: install, verify, and publish the EverMemory plugin and skill. Before running it, review the included scripts line-by-line and run them from a trusted checkout. Be aware that the scripts will enable the plugin, modify OpenClaw config (bind the memory slot), and may restart the OpenClaw gateway — perform these on a test/staging instance first. Publishing steps call clawhub and npm and therefore will use whatever CLI login credentials are active; prefer dry-run flags (the publish_plugin.sh defaults to --dry-run) and confirm package.json is correct (not private) before a real publish. If you have any doubt, run the verify script and the install steps manually rather than granting automated execution.
Review Dimensions
- Purpose & Capability (ok): Name/description match the files and actions: scripts call openclaw, clawhub, npm and perform install/verify/publish flows that are necessary for an installer/publisher for EverMemory.
- Instruction Scope (note): SKILL.md and the scripts instruct the agent to run CLI commands that modify system state (enable plugin, set config plugins.slots.memory, restart gateway) and to publish to ClawHub/npm. These are expected for this purpose but are powerful operations: the instructions do not attempt to read unrelated system files or send data to unknown external endpoints.
- Install Mechanism (ok): There is no automated install spec; the skill is instruction + helper scripts only. The included scripts do not download or extract arbitrary remote archives or run installers from untrusted URLs.
- Credentials (note): The skill declares no required env vars, which aligns with the files, but the runtime expects the operator to be authenticated to ClawHub and npm (via their CLIs). Those credentials are used indirectly by clawhub and npm commands rather than exposed as skill-specific env vars; that is reasonable but users should be aware publishing will use whatever CLI credentials are active.
- Persistence & Privilege (ok): always:false and the skill does not request persistent elevated platform privileges. It performs local configuration changes (plugin enable, config set, gateway restart) within the expected scope of an installer.
