Skill v11.2.1

ClawScan security

CrabPath · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Feb 27, 2026, 6:34 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The package appears to be what it claims: a local, pure-Python memory-graph engine with optional, explicitly opt-in OpenAI integration — no unexplained credential requests or hidden installers were found.
Guidance
This skill is internally coherent: the core is local and dependency-free, while OpenAI usage is optional and present only in helper modules and example/benchmark scripts. Before installing or running anything:
1) if you do not want any network activity, avoid running the examples/benchmarks or passing the --embedder/--llm flags that enable OpenAI;
2) if you enable OpenAI, only provide an API key to the runtime you control and inspect openai_* example code to ensure it uses the key only where you expect;
3) the daemon runs JSON-RPC over stdin/stdout; treat it like any long-lived process that will load a state.json from a filesystem path you choose;
4) if you plan to run benchmarks or the daemon in production, run tests locally in an isolated environment and review state/save paths to avoid storing sensitive data in shared locations.

Review Dimensions

Purpose & Capability
ok
Name/description (memory graph with optional LLM/embed callbacks) matches the repository contents: core graph code, CLI, daemon, example adapters, and optional OpenAI helper files. The repo separates core (zero-deps hash embedder, VectorIndex, traversal) from optional OpenAI integration (openai_embeddings.py, openai_llm.py and benchmark/example scripts). No required env vars or binaries are declared, which aligns with the 'zero required deps' claim.
Instruction Scope
note
SKILL.md and README explicitly state that the core makes no network calls and that callers supply embed/LLM callbacks. The examples and benchmark scripts do perform network calls when run with the OpenAI client (they require an OpenAI client / API key if you choose that path). This is documented and opt-in; however, many example and benchmark files will perform network calls if executed, so users should be aware of this before running those scripts.
Install Mechanism
ok
No install spec is included in the skill metadata (instruction-only skill). The repository contains source files but there is no remote download/install URL or package-fetching step in the skill metadata. That is low-risk from an install mechanism perspective.
Credentials
note
The skill declares no required environment variables or credentials (primaryEnv none). OpenAI integration and some benchmarks expect an OpenAI client / OPENAI_API_KEY if you choose to run them, but that is optional and appears to be clearly documented in README/benchmarks. No evidence of implicit secret discovery (dotfile/keychain probing) is present in the SKILL.md; the codebase follows an explicit opt-in pattern for API usage in examples/benchmarks.
Persistence & Privilege
ok
always:false and disable-model-invocation:false (normal). The package provides a daemon mode that keeps state in memory and exposes a JSON-RPC (NDJSON) protocol over stdin/stdout; this is a documented runtime mode and not secretly forced on agents. The daemon's behavior and state paths are explicit in docs (e.g., ~/.crabpath/main/state.json).