Skill v1.0.0

ClawScan security

Echo · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 10, 2026, 2:52 PM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill claims to sync local OpenClaw markdown memories to Supabase but provides no install instructions, required binaries, or any credential/environment guidance — that mismatch is unexplained and risky.
Guidance
Do not install this skill without clarification. Ask the author for the source code or repository and for an explicit install spec (how to obtain the 'echo-memory' CLI). Request a list of exact environment variables the tool needs (typical: SUPABASE_URL and a key) and insist on least-privilege credentials (avoid a Supabase service role key unless absolutely necessary). Verify where data will be uploaded and ensure your local memory files contain no secrets before syncing. If you must test, run it in an isolated environment (sandbox or container) and require the developer to provide reproducible install steps (npm/pip package name or GitHub release) and a privacy/security README explaining data handling and required credentials.

Review Dimensions

Purpose & Capability
concern · The description says it will 'upsert to Supabase' and manipulate local memory files, but the package declares no required environment variables, no primary credential, and no required binaries. A Supabase sync normally requires a SUPABASE_URL and a key (anon or service role) and a client/CLI; the skill does not request or document those, which is inconsistent with its stated purpose.
Instruction Scope
concern · SKILL.md lists CLI commands (echo-memory sync/restore/status) and references parsing and upserting local workspace markdown to cloud storage, but gives no detail on which Supabase project/endpoint, what credentials to use, or how to handle conflicts. It will inherently access local workspace files (expected) and transmit them to a cloud target (not documented). The instructions are too vague about endpoints/credentials and therefore grant implicit broad discretion.
Install Mechanism
concern · There is no install spec and no included code. The SKILL.md references an 'echo-memory' CLI, but the skill does not declare that the binary is required or provide an installation source (package name, repo, or release). It's unclear how the commands will exist on the agent's PATH; missing install instructions are a material omission.
Credentials
concern · No environment variables or credentials are declared despite operations that require networked database access. This is disproportionate: syncing to Supabase will require at minimum a URL and a key. The absence could mean the skill expects secrets to be provided at runtime in an ad-hoc way or to be discovered, which is unsafe.
Persistence & Privilege
ok · The skill does not request permanent presence (always:false) and does not declare modifications to other skills or system-wide settings. No special persistence or elevated platform privileges are requested.