Back to skill
Skillv1.0.0
ClawScan security
Basal Ganglia Memory 0.1.1 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 28, 2026, 12:54 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an under-development, instruction-only placeholder that declares no binaries, no installs, and no credential or file access — it appears coherent with its stated purpose but currently provides no functioning behavior.
- Guidance
- This skill is a non-functional, 'coming soon' entry: it contains only descriptive text and no code, installs, or credential requests, so it doesn't pose an immediate risk but also doesn't provide functionality yet. Before installing or enabling future updates: (1) prefer skills that include source/homepage and a reputable owner; (2) review any new install steps or required environment variables (especially STORAGE, DB, or CLOUD credentials); and (3) re-check runtime instructions for file access, network endpoints, or background persistence before granting model autonomy.
Review Dimensions
- Purpose & Capability
- okThe name/description (habit/procedural memory) matches the SKILL.md content. The skill makes no demands (no env vars, no binaries, no install) which is proportionate for a descriptive, in-development skill. It does promise features that would eventually need storage/learning infrastructure, but nothing here claims or requests those resources now.
- Instruction Scope
- okSKILL.md is purely descriptive and contains no runtime commands, file paths, or instructions to read environment variables or transmit data. Because it contains no actionable runtime instructions, it cannot perform out-of-scope actions in its current form. Note: it is vague and marked 'Under Development', so future versions could add broader behavior.
- Install Mechanism
- okThere is no install spec and no code files; nothing will be written to disk or downloaded by this package as presented.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths. That is proportionate to the current non-functional, documentation-like state. If future releases implement habit-tracking, expect the addition of persistent storage or API keys — those should be reviewed when introduced.
- Persistence & Privilege
- okalways is false and there are no install hooks or self-modifying instructions. Model invocation is allowed by default (normal); combined with the current lack of functionality, there is no privilege escalation risk at present. Future changes that add persistent agents, background tasks, or storage would warrant re-review.