ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Use when a session reveals stable user preferences, workflow corrections, or project conventions that should be preserved for future sessions. Also use when user explicitly asks to remember rules, update guidance, or summarize learnings.

v1.0.0

Use when a session reveals stable user preferences, workflow corrections, or project conventions that should be preserved for future sessions. Also use when...

0· 52·0 current·0 all-time
byTaiChangXieBuWan@lq434239
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (capture stable preferences and project conventions) match the instructions: scan the session, decide what is durable, and merge it into a CLAUDE.md (global or project). No unexpected environment variables, binaries, or external services are requested.
Instruction Scope
The SKILL.md instructs the agent to 'review the whole session' to find preferences and corrections — this is necessary for the stated purpose. It explicitly prohibits storing full prompt text, secrets, code facts/file paths, and PII. Still, reading the entire session can expose sensitive data (secrets or private content) even if the skill promises not to store them, so the agent's runtime/tooling must be trusted to enforce that promise.
Install Mechanism
Instruction-only skill with no install spec and no code files to write to disk; lowest-risk install posture.
Credentials
No environment variables, credentials, or config paths are required. The requested file paths (~/.claude/CLAUDE.md or project CLAUDE.md) are proportional to the skill's purpose.
Persistence & Privilege
The skill intends to create or update a CLAUDE.md in the user home or project. It normally shows proposed changes and waits for confirmation, but it also permits 'update directly' or writing during an automatic SessionEnd hook — which could write without an explicit per-change confirmation if the agent is configured to run that hook. The skill metadata does not set always:true, so forced inclusion is not indicated.
Assessment
This skill is coherent for its purpose: it will read your session to learn stable preferences and write short rules into ~/.claude/CLAUDE.md or a project CLAUDE.md. Before installing or enabling it: 1) Decide whether you trust automatic SessionEnd hooks — the skill can write without confirmation in that mode; if you want manual control, ensure the agent prompts you. 2) Back up any existing CLAUDE.md you care about so merges are reversible. 3) Avoid exposing secrets or sensitive data in the session (the skill says it will not store secrets, but it still reads the session). 4) On first runs, review proposed changes carefully and confirm the formatting/location meet your expectations. If you are uncomfortable with automatic writes, disable the SessionEnd hook or require explicit confirmation.

Like a lobster shell, security has layers — review code before you run it.

latestvk977nrxv13xeshgn3d3h0qnzys84hsnb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments