RetainCraft
PassAudited by ClawScan on May 14, 2026.
Overview
RetainCraft appears to be a purpose-aligned learning skill, with noteworthy local progress storage, web searches, Python helper commands, and review reminders but no evidence of credential misuse, exfiltration, destructive actions, or hidden purchase behavior.
Before installing, be comfortable with RetainCraft storing learning progress under ~/learn, running python3 scripts/srs.py commands for tests and reviews, and using web search for study questions. Avoid confidential study topics if search privacy matters, and review/delete ~/learn to clear stored progress.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill can cause local Python commands to create or modify RetainCraft learning-state files.
The skill directs use of a local Python helper script after module tests to record scores and update levels.
python3 scripts/srs.py record-test <topic> <total> <correct>
Run the commands only from the installed skill directory and review the ~/learn data folder if you want to inspect or remove stored progress.
Learning topics, goals, or questions may be sent through search tools while the skill is helping you study.
The workflow intentionally requires web search for knowledge questions and learning-path planning, which is purpose-aligned but broad.
铁律:AI助手回答任何知识性问题前,必须先搜索验证。
Avoid including confidential personal, work, or proprietary details in study prompts unless you are comfortable with them being used in web-search queries.
Your learning progress, scores, topics, and profile information can persist across sessions and influence later tutoring behavior.
The code stores learning history, simulation history, configuration, and a profile file persistently under the user's home directory.
LEARN_DIR = Path.home() / "learn" ... TEST_HISTORY_FILE = LEARN_DIR / "test_history.json" ... PROFILE_FILE = LEARN_DIR / "profile.json"
Do not store sensitive information as topic names or notes, and periodically review or delete ~/learn if you want to reset the skill's memory.
The agent may proactively remind you about due reviews if the host environment supports heartbeat checks.
The skill advertises proactive review reminders tied to spaced repetition, but the provided artifacts show this as disclosed learning functionality rather than hidden background persistence.
**Heartbeat integration**: auto-reminds when reviews are due
Use the skill if you want reminders; otherwise disable heartbeat/reminder integration in your agent environment or avoid invoking review checks.