ClawHub
Back to skill
v1.1.1

Working Memory Skill

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:04 AM.

Analysis

Prompt-injection indicators were detected in the submitted artifacts (system-prompt-override); human review is required before treating this skill as clean.

GuidanceInstall only if you want persistent local memory for the selected project. Run migration in dry-run mode first, review any AGENT.md/AGENTS.md changes, and do not store secrets or sensitive personal details in memory files unless you are comfortable having them reused in later agent sessions. ClawScan detected prompt-injection indicators (system-prompt-override), so this skill requires review even though the model response was benign.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
python <skill-path>/scripts/migrate.py <project-root> --dry-run ... python <skill-path>/scripts/migrate.py <project-root>

The skill asks the user to run local Python scripts that create and modify project files. This is central to the migration/scaffolding purpose and includes a dry-run path.

User impactRunning the scripts can change files in the selected project, including memory files and agent configuration.
RecommendationRun the dry-run migration first, review the planned changes, and keep backups of important project files.
Rogue Agents
SeverityLowConfidenceHighStatusNote
SKILL.md
Patches AGENT.md by appending a memory-management instructions section ... a `.bak` backup is created ... Use `--skip-agent-patch` to skip this step.

The migration can persistently alter the agent's future instructions, but this behavior is disclosed, scoped to AGENT.md/AGENTS.md, backed up, and optional.

User impactAfter migration, the project agent may automatically follow the added memory-management workflow in future sessions.
RecommendationReview the AGENT.md/AGENTS.md patch before relying on it, and use --skip-agent-patch if you do not want persistent instruction changes.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityMediumConfidenceHighStatusNote
scripts/loader.py
The assembled memory context ready for injection into a system prompt.

The loader combines saved memory files into context that may influence future agent behavior. This is expected for a working-memory skill, but persistent memory can carry stale, sensitive, or adversarial content forward.

User impactInformation saved in memory files may shape later sessions, including user preferences, project facts, emotional notes, and past decisions.
RecommendationReview memory files periodically, avoid storing secrets or sensitive personal data, and treat saved memory as context rather than unquestionable instructions.