v0.0.7

skill-heartbeat-memory

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 7:57 AM.

Analysis

This appears to be a purpose-aligned memory-saving skill, but it should be reviewed because it automatically reads OpenClaw chat history, can preserve deleted sessions, and writes persistent long-term memory.

Guidance

Review this skill carefully before installing. It is not shown exfiltrating data to unrelated endpoints or destroying files, but it is intentionally broad: it can run every 30 minutes, read chat histories, process them with the configured LLM, write MEMORY.md/Daily notes, and preserve deleted sessions. Start with manual runs, set narrow date and batch limits, disable deleted-session scanning if undesired, and periodically inspect generated memory files.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium, Confidence: High, Status: Concern
SKILL.md
sessions_list fetches the session list → sessions_history fetches the message content → sessions_spawn launches a subagent for LLM distillation

The documented workflow chains session enumeration, message-history access, and subagent spawning over user conversations.

User impact: A single run can collect and process many conversations without per-session approval.
Recommendation: Use tight configuration limits and run manually until you are comfortable with the scope; add explicit exclusions or approval gates if available.

Rogue Agents
Severity: Medium, Confidence: High, Status: Concern
SKILL.md
After Heartbeat is installed and enabled, the Skill runs automatically every 30 minutes, with no manual intervention needed.

The skill is intended to run automatically on a schedule after Heartbeat is enabled.

User impact: It can continue scanning and updating memory in the background after installation and Heartbeat configuration.
Recommendation: Keep Heartbeat disabled until configured, use manual invocation first, and stop or lower the schedule if you do not want continuous memory collection.

Agentic Supply Chain Vulnerabilities
Severity: Low, Confidence: High, Status: Note
package.json
"postinstall": "node scripts/post-install.js"

The package defines installer-time code. The shown post-install script appears to print setup guidance and detect environment/provider presence, but package scripts can run automatically in npm-style installs.

User impact: If installed through a mechanism that runs package scripts, code executes during installation.
Recommendation: Install from a trusted source and inspect installer scripts before using npm-style package installation.

Unexpected Code Execution
Severity: Low, Confidence: High, Status: Note
index.js
const raw = execSync('openclaw agents list 2>/dev/null', { encoding: 'utf-8' });

The runtime can execute a fixed local OpenClaw CLI command as a fallback for workspace discovery.

User impact: The skill depends on the local openclaw command found in the environment.
Recommendation: Ensure the local OpenClaw binary on PATH is trusted; this finding is purpose-aligned and not evidence of command injection.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low, Confidence: High, Status: Note
README.md
🚀 No LLM configuration needed - automatically uses the LLM from OpenClaw's main configuration

The skill reuses the user's existing OpenClaw LLM configuration to summarize memories.

User impact: Conversation summaries may be processed using the model provider and account already configured in OpenClaw.
Recommendation: Confirm that your configured LLM provider, account, and data policy are acceptable for summarizing private chat history.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: High, Confidence: High, Status: Concern
SKILL.md
Automatically checks for new sessions, generates Daily notes, periodically distills MEMORY.md, and supports backing up deleted sessions.

The skill is explicitly designed to read session history, generate persistent notes, refine long-term memory, and preserve deleted sessions.

User impact: Private conversations may be summarized and retained in persistent memory files, including conversations the user expected to be deleted.
Recommendation: Install only if you want this retention. Consider disabling deleted-session filesystem scanning, setting a narrow processSessionsAfter date, limiting maxSessionsPerRun, and periodically reviewing or deleting generated memory files.