Skill v1.0.0

ClawScan security

OpenClaw Advanced Memory · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 3, 2026, 1:24 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, install steps, and runtime instructions are consistent with a local, three-tier memory system and do not request unrelated credentials or external endpoints beyond local services (Ollama, Qdrant, Redis).
Guidance
This skill appears coherent and implements a local three-tier memory pipeline. Before installing:
(1) review scripts/install.sh, mem-capture.service (user systemd unit), and the cron entries to confirm you accept those persistent changes;
(2) confirm Ollama, Qdrant, and Redis will run locally and are not exposed to untrusted networks (the scripts assume unauthenticated localhost services);
(3) be aware mem-capture will read your OpenClaw transcripts (~/.openclaw/...), and mem-curate will extract and permanently store 'gems' (including names and decisions) in Qdrant; if this data is sensitive, adjust filters or run in an isolated environment;
(4) consider running the scripts manually (not via install.sh) in a sandboxed account to observe behavior first; and
(5) if you want stricter security, add auth/network restrictions to Qdrant/Redis or modify scripts to redact PII before storage.
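A pre-install audit that covers guidance items (1) and (2): it reports any of the skill's backing services bound beyond loopback and lists the systemd unit and cron entries the installer would leave behind. This is an added example, not part of the ClawHub review or the skill's own scripts. It assumes the upstream default ports for Redis (6379), Qdrant (6333 REST, 6334 gRPC) and Ollama (11434), since install.sh is not shown on this page, and uses the unit and job names the review states (mem-capture.service, mem-warm, mem-curate). The listener and crontab samples embedded below are constructed for the offline demo; the cron paths in them are hypothetical.

```shell
#!/bin/sh
# Added example: audit the "local, unauthenticated" assumption behind this
# skill before running install.sh. Ports are upstream defaults (assumption);
# unit/job names are those named in the ClawHub review.

SKILL_PORTS="6379 6333 6334 11434"     # Redis, Qdrant REST, Qdrant gRPC, Ollama
SKILL_JOBS='mem-warm|mem-curate'       # cron jobs the installer adds
SKILL_UNIT="mem-capture.service"       # user systemd unit the installer enables

# is_loopback ADDR: succeed when ADDR (as printed by `ss -n`) is loopback-only.
# Wildcard binds (0.0.0.0, [::], *) and real interface addresses fail.
is_loopback() {
  case "$1" in
    127.*|'[::1]'|'[::ffff:127.'*) return 0 ;;
    *) return 1 ;;
  esac
}

# exposed_listeners: read `ss -Hltn`-style lines on stdin
# ("LISTEN Recv-Q Send-Q LocalAddr:Port PeerAddr:Port ...") and print
# "PORT ADDR" for every skill port that is bound to a non-loopback address.
exposed_listeners() {
  while read -r _state _rq _sq laddr _rest; do
    [ -n "$laddr" ] || continue
    port="${laddr##*:}"   # text after the last colon
    addr="${laddr%:*}"    # everything before it, e.g. 0.0.0.0 or [::]
    for p in $SKILL_PORTS; do
      [ "$port" = "$p" ] || continue
      is_loopback "$addr" || printf '%s %s\n' "$port" "$addr"
    done
  done
}

# skill_cron_entries: read `crontab -l` output on stdin and print only the
# active (non-comment) lines that invoke the skill's cron jobs.
skill_cron_entries() {
  grep -E "$SKILL_JOBS" | grep -Ev '^[[:space:]]*#' || true
}

# Constructed sample input for the offline demo (not captured from a real host).
SAMPLE_SS='LISTEN 0 511 127.0.0.1:6379 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:6333 0.0.0.0:*
LISTEN 0 4096 [::]:11434 [::]:*
LISTEN 0 128 *:22 *:*
LISTEN 0 4096 [::1]:6334 [::]:*'

# Hypothetical crontab; the real paths come from the skill's install.sh.
SAMPLE_CRON='# m h dom mon dow command
#0 2 * * * /opt/advanced-memory/mem-curate
0 3 * * * /opt/advanced-memory/mem-curate
*/10 * * * * /opt/advanced-memory/mem-warm
0 4 * * * /usr/bin/updatedb'

if [ "${1:-}" = "--live" ]; then
  # Run against the host: anything under the first heading is reachable from
  # the network and needs auth or a loopback bind before installing.
  echo "== skill ports bound beyond loopback (expect nothing) =="
  ss -Hltn | exposed_listeners
  echo "== user systemd unit =="
  systemctl --user cat "$SKILL_UNIT" 2>/dev/null || echo "$SKILL_UNIT not installed"
  echo "== skill cron jobs =="
  crontab -l 2>/dev/null | skill_cron_entries
else
  echo "== demo: exposed skill ports in constructed sample =="
  printf '%s\n' "$SAMPLE_SS" | exposed_listeners      # 6333 0.0.0.0 / 11434 [::]
  echo "== demo: skill cron jobs in constructed sample =="
  printf '%s\n' "$SAMPLE_CRON" | skill_cron_entries   # the two active lines
fi
```

Run it with `--live` on the target account before install.sh; a Qdrant or Ollama port showing up under the first heading means the "localhost-only" assumption in the review does not hold on that host, and item (5) applies. Because the installer writes a user-level unit and crontab entries, the same script run after installation shows exactly what persistence was added.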

Review Dimensions

Purpose & Capability
ok
Name/description claim persistent, searchable agent memory. Required components (Redis, Qdrant, Ollama, Python libs) and the included scripts implement exactly that. No unrelated credentials, cloud APIs, or extraneous binaries are requested.
Instruction Scope
note
SKILL.md and scripts instruct the agent to read OpenClaw transcript files (~/.openclaw/...), buffer them to Redis, index into Qdrant, and run nightly local LLM curation. This is within the stated purpose, but it does mean the skill will read and persist all captured transcripts (including names, decisions, PII) into local DBs — a privacy consideration the user should be aware of.
Install Mechanism
note
No remote arbitrary-code download URLs in the registry entry, but the package includes an installer script (scripts/install.sh) that: pip-installs dependencies (network fetch), creates Qdrant collections, writes/starts a user systemd unit, and installs cron jobs. These actions are expected for persistent memory infrastructure but are persistent changes to the user environment and require review before running.
Credentials
ok
No environment variables or credentials are requested. All services target localhost. The skill assumes local, unauthenticated Qdrant/Redis/Ollama instances — reasonable for a local-only design but you should ensure those services are secured on multi-user or networked hosts.
Persistence & Privilege
note
Installer enables a user-level systemd service and adds cron jobs (mem-warm, mem-curate). This is expected for a long-running capture/curation system but does give the skill persistent presence in the user's account — review the systemd unit and crontab changes before installing.