Back to skill
Skillv3.0.0
ClawScan security
Dist · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousMar 13, 2026, 1:26 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The plugin appears to implement a local memory engine as described, but there are package/manifest inconsistencies (missing bundled model file, name/path mismatches) and packaging choices (native dependencies, filesystem DB) that don't fully match the SKILL.md claims and deserve review before installing.
- Guidance
- This plugin implements a local memory engine and mostly behaves as described, but check these before installing: - Packaging mismatches: the registry entry/metadata contains inconsistent names/paths and SKILL.md claims a bundled ONNX model (~90MB) that is not listed in the provided files. Ask the author or inspect the package to confirm the model file is actually included or whether the plugin will fall back to a simpler (less accurate) embedding method. - Persistent local storage: by default it creates/uses a SQLite DB at ~/.openclaw/memory/memories.db and will save extracted user/AI content and embeddings. If you don't want conversation content persisted, do not install or change dbPath to a controlled location or disable automatic saving via configuration. - Native dependencies: the package depends on better-sqlite3 and onnxruntime-node which install native binaries; review build steps, and install in an environment where you trust building native modules. - Configuration: you can limit exposure by setting a custom MEMORY_ENGINE_DB_PATH, disabling cleanup/autosave, or enabling debug to inspect behavior. If the missing model is a concern, request a release that includes the model or confirm the fallback behavior. Given the inconsistencies, I recommend obtaining a clear build/release artifact (or official npm package) and confirming presence of the model and manifest paths before trusting this plugin with sensitive conversations.
Review Dimensions
- Purpose & Capability
- noteThe code implements a local memory engine (SQLite store, embedding extraction, compression, rule engine) that matches the described functionality. However there are packaging/metadata mismatches: the top-level metadata shows the skill name as "Dist" while the plugin identifies itself as "memory-engine", and the SKILL.md claims an included ONNX model (~90MB) but the provided file list does not include a models/all-MiniLM-L6-v2.onnx file. These inconsistencies may be benign (packaging issues) but are unexpected.
- Instruction Scope
- okSKILL.md and the runtime code focus on memory capture, semantic search, compression, and local storage. Runtime instructions and code operate on conversation messages and local DB files; they do not attempt to access unrelated system areas or remote endpoints. The code does read environment variables for configuration (DB path, model path, debug toggles) which is consistent with a configurable local plugin.
- Install Mechanism
- noteNo install spec is included in the registry entry (instruction-only), but a full npm package layout and package.json with native dependencies (better-sqlite3, onnxruntime-node) are present. Installing via npm will pull native modules that may compile or install native binaries. That is expected for this plugin's functionality but increases installation complexity and risk compared to pure JS packages.
- Credentials
- okThe skill declares no required environment variables or credentials. The code does use several optional environment variables (HOME/USERPROFILE for default DB path, MEMORY_ENGINE_* flags for configuration, MEMORY_ENGINE_DEBUG, MEMORY_ENGINE_MODEL_PATH). These are proportional to its purpose (configuring DB path, model path, and debug). No credentials or unrelated service tokens are requested.
- Persistence & Privilege
- concernThe plugin writes a SQLite DB to the user's filesystem by default (~/.openclaw/memory/memories.db) and stores conversation content and embeddings. This is expected for a memory plugin but is a sensitive capability — it persists potentially sensitive user data locally. The plugin is not marked always:true and does not request other skills' config, but users should be aware it will store conversations on disk.