Skill v4.1.3

ClawScan security

🧠 Memory Never Forget 🧠 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 18, 2026, 3:21 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill is an instruction-only memory system whose requested actions (reading/writing memory files, running scheduled 'dream' and 'refinement' phases, and injecting short-term summaries into prompts) are consistent with its stated purpose, but there are minor metadata inconsistencies and privacy/operational considerations you should review before installing.
Guidance
This skill appears to do what it says: keep short-term and long-term 'memories' by reading and writing files and running scheduled consolidation steps. Before installing, verify: (1) where the memory files will be stored and who/what has access to them; (2) how the platform executes the described cron/session triggers and whether you can disable them or opt out of automatic writes; (3) whether the 'source-verified' claims are trustworthy (there is no homepage and metadata versions in the bundle disagree), and prefer skills with a public repository or author contact; (4) your retention and deletion policy (how to delete MEMORY.md and related logs if you want to remove retained data). If you need strict privacy, do not install until you confirm the platform enforces the file write boundaries and scheduling model to your satisfaction.

Review Dimensions

Purpose & Capability
ok: Name/description match the instructions: the skill describes a memory subsystem and the SKILL.md exclusively instructs memory-related reads/writes, prompt injection, and scheduled consolidation. It does not ask for unrelated credentials, binaries, or external network endpoints.
Instruction Scope
note: Instructions direct the agent to read and write local memory files (e.g., MEMORY.md, memory/YYYY-MM-DD.md, DREAMS.md), spawn a limited sub-agent for memory_search/memory_get, and run scheduled jobs (cron-like triggers). These are coherent with a memory system but imply persistent storage of user data and automatic triggers before replies — this has privacy/consent implications. There is no instruction to read unrelated system files or environment variables.
Install Mechanism
ok: No install spec and no code files to run; lowest-risk deployment model. The skill is instruction-only so nothing external is downloaded or installed by the skill itself.
Credentials
ok: The skill requests no environment variables, credentials, or external config paths. All required storage and operations are internal (memory/ and related files), so the declared requirements are proportionate to its purpose.
Persistence & Privilege
note: always:false (normal). The skill instructs writing persistent memory files and scheduling daily jobs; it can autonomously inject short-term summaries before replies. While not requesting elevated platform privileges, the persistent write behavior and scheduled/automated runs mean the skill can accumulate user data over time — review retention, visibility, and how/where cron-like triggers execute on your platform.