Back to skill
Skillv5.0.2
ClawScan security
Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 16, 2026, 8:07 AM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's instructions and requirements are generally consistent with a local, persistent-memory tool (SAGE) — it stores memories locally and expects you to run a local SAGE server — but the registry metadata omits some config paths the SKILL.md references and you should verify the SAGE software and local server behavior before trusting it with sensitive data.
- Guidance
- This skill appears to do what it claims: provide persistent local memories via a local SAGE MCP server. Before installing or enabling it, verify the SAGE binary/source you will install (confirm the GitHub repo and release signatures), confirm that the .mcp.json file truly only points at localhost, and review where keys and the SQLite DB (~/.sage/data/sage.db) are stored and how they are protected (file permissions, encryption). Be aware the agent will write per-turn summaries (observations) and register an Ed25519 identity — if you have highly sensitive conversation content, enable SAGE at-rest encryption or avoid storing those items. Finally, ask the skill publisher or registry to fix the metadata mismatch (the SKILL.md references config paths and a repo, but the registry metadata omits them) so you can audit provenance more easily.
Review Dimensions
- Purpose & Capability
- noteThe skill's name and description match the instructions: it implements persistent, consensus-validated memory via a local SAGE MCP server and lists the memory-related tools (sage_turn, sage_remember, sage_recall, etc.). However, the registry metadata declares no required config paths or homepage, while SKILL.md explicitly references local files (~/.sage/data/sage.db and .mcp.json) and a GitHub repository URL — an inconsistency users should be aware of.
- Instruction Scope
- noteSKILL.md confines activity to a local SAGE server and specifies what gets stored (summaries via sage_turn/sage_remember). It mandates calling sage_inception on the first message and sage_turn every turn (which will recall and store observations). This is within the stated memory purpose, but it does mean conversation summaries and task reflections will be written to a local DB and an agent identity (Ed25519 key) will be registered — verify what exactly gets stored and retained.
- Install Mechanism
- okThis is an instruction-only skill (no install spec). SKILL.md tells the user to download/ install SAGE from GitHub releases and run a local server. That external download is expected for this purpose, but you should verify the releases and signatures on the linked repository before installing.
- Credentials
- noteThe skill requests no environment variables or external credentials (proportionate). However, it references specific local config/data paths (~/.sage/data/sage.db and .mcp.json) even though the registry metadata lists no required config paths — this mismatch should be clarified. The skill will create/register an Ed25519 identity for attribution; understand where the private key is stored and protect it.
- Persistence & Privilege
- okThe skill does not request always:true and is user-invocable; autonomous invocation is allowed (platform default). The skill creates persistent local memory (intended behavior). Note: autonomous use combined with persistent local storage increases blast radius only if the local SAGE server or host is compromised — consider that when deciding to enable autonomous invocation.