CrabPath
Pass. Audited by ClawScan on May 1, 2026.
Overview
CrabPath appears purpose-aligned, but users should be aware that it persistently stores workspace memory, can optionally send text to OpenAI, and includes user-run maintenance/daemon features.
Before installing or using CrabPath, verify the package source, choose a narrow workspace, avoid indexing secrets, use the offline hash embedder for private data, and back up files before running compaction or long-lived daemon workflows.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Content indexed from a workspace, corrections, teachings, or directives may influence future answers until removed or rebuilt.
The skill intentionally stores workspace-derived memory and standing instructions for later retrieval, which is central to the product but can preserve incorrect, sensitive, or untrusted context.
Builds a **`state.json`** brain from your workspace. ... **DIRECTIVE** — same as TEACHING (use for standing instructions)
Use CrabPath on trusted, scoped workspaces; avoid indexing secrets; review injected directive/correction nodes; and keep separate state files for separate projects or trust domains.
Workspace chunks or query text may be sent to OpenAI when OpenAI embedding or LLM modes are used.
The optional OpenAI embedding path sends text being indexed to an external provider; this is disclosed and purpose-aligned, but it changes the data boundary.
return client.embeddings.create(
    model="text-embedding-3-small", input=[text]
).data[0].embedding
Use the built-in hash embedder for sensitive/offline data, and enable OpenAI modes only for content you are allowed to send to that provider.
If OpenAI modes are used, the agent or shell environment needs access to an API key for that account.
Optional OpenAI-backed workflows rely on an OpenAI API credential even though the registry declares no required credentials; the use is expected for that mode and no leakage is evidenced.
raise SystemExit("OPENAI_API_KEY is required to create missing embeddings")
Provide API keys only when intentionally using OpenAI features, keep them out of indexed workspaces, and prefer least-privileged project keys where possible.
A daemon can keep memory state loaded and write changes automatically while it is running.
The skill documents a persistent worker process, but it is user-started, communicates over stdin/stdout, and is disclosed as a performance feature.
For production use, run CrabPath as a long-lived daemon ... Auto-saves after N write operations; graceful SIGTERM/SIGINT shutdown
Run the daemon only when needed, point it at the intended state file, and stop it when the project or session is finished.
Running compaction may rewrite or reduce note files after extracting facts into the graph.
The documented compaction command can modify local note files; it is scoped and user-directed, but it is a meaningful local mutation.
Daily note compaction (`crabpath compact`) ... old notes → extract facts → inject into graph → shrink files
Back up important notes or use version control before running compaction, and run it only on the intended memory directory.
The registry provides little information with which users can verify the package origin before installing or trusting local code.
The registry metadata does not provide a source repository or homepage, while the README documents package installation; this is a provenance note rather than evidence of unsafe behavior.
Source: unknown; Homepage: none
Verify the package name, publisher, and distribution source before installing or running the CLI.
