Back to skill
Skillv3.0.0
ClawScan security
PV_26 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
ReviewApr 8, 2026, 2:08 PM
- Verdict
- Review
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's stated purpose (training/help in plain language) matches the included persistent-memory features, but the runtime instructions contain mismatches (references to a pv_memory module that isn't packaged) and instruct automatic local storage of user data without safeguards — this is coherent for a personal assistant but raises privacy and operational concerns.
- Guidance
- This skill will automatically persist user 'memories' to ~/.openclaw/pv_palace/memories.json and is designed to remember preferences and decisions. Before installing: 1) Confirm you are comfortable with local persistent storage of potentially sensitive info; there is no mention of encryption, retention, or consent. 2) Note the SKILL.md references a pv_memory module (python import) but the package contains no code files — ask the author how the memory functions are provided at runtime or whether the agent will generate files. 3) If you proceed, inspect ~/.openclaw/pv_palace/ regularly, consider restricting what you allow the skill to store, or disable its automatic memory behavior if you need stronger privacy guarantees.
Review Dimensions
- Purpose & Capability
- okName/description (培训指导、通俗化表达) align with the provided behavior: the SKILL.md implements a 'training manager' persona and includes local persistent memory functions to remember preferences/decisions, which is reasonable for this kind of assistant.
- Instruction Scope
- concernThe instructions explicitly tell the agent to read/write a local file (~/.openclaw/pv_palace/memories.json) and to 'automatically' store user preferences and decisions. That is within the skill's purpose but expands scope to persist potentially sensitive user data. Additionally, example runtime commands import 'pv_memory' (e.g., from pv_memory import store_memory) but the skill bundle contains no code files — a coherence problem: the SKILL.md assumes a module that is not provided, which may break runtime behavior or cause the agent to create/execute code dynamically.
- Install Mechanism
- okNo install spec and no code files are present; this is instruction-only, which minimizes install-time risk. Nothing in the manifest downloads or installs external binaries.
- Credentials
- noteThe skill requests no environment variables or external credentials (good). However, it instructs persistent local storage of user data in an unencrypted JSON file with no mention of user consent, retention policy, encryption, or opt-out — this is a privacy risk proportional to the data the assistant will store.
- Persistence & Privilege
- notealways:false and no global config modifications — so no elevated platform privileges. Still, the skill declares automatic long-term memory (persistent on-disk state) which increases blast radius for sensitive data if the memory is enabled.