Skill v1.0.0

ClawScan security

Memory Audit Guardian · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 5, 2026, 6:21 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
Instruction-only audit skill that is internally consistent with its stated purpose: it reads the declared memory/core files, computes sizes and quality metrics, and produces a report; it requests no credentials and does not install or call external endpoints.
Guidance
This skill is coherent and low-risk in structure: it will read your SOUL.md, USER.md, MEMORY.md, TOOLS.md, and AGENTS.md to generate a weekly audit and will not install software or request credentials. Before installing or running it, (1) review and/or back up those core files if they contain sensitive secrets you don't want analyzed, (2) confirm you are comfortable letting the agent read those files, and (3) if you prefer tighter control, restrict autonomous invocation or run the skill only on demand. If you need network-exfiltration protections, verify your platform enforces outbound restrictions — the skill itself contains no external endpoints or installs.

Review Dimensions

Purpose & Capability
ok: The skill name and description (memory governance/audit) match the instructions: it only needs to read and analyze SOUL.md, USER.md, MEMORY.md, TOOLS.md, AGENTS.md and produce a report. No unrelated binaries, credentials, or installs are requested.
Instruction Scope
note: The SKILL.md explicitly instructs the agent to read the core files (SOUL/USER/MEMORY/TOOLS/AGENTS) and to compute sizes, detect duplication, and evaluate QMD routing. This is appropriate for a memory audit, but it does mean the skill will access potentially sensitive user content in those files. The guardrails state not to overwrite files without explicit request and to prefer minimal edits.
Install Mechanism
ok: No install spec and no code files, the lowest-risk form. Nothing is downloaded or written to disk by an installer.
Credentials
ok: The skill requests no environment variables, credentials, or config paths, which is proportionate for a local audit that only reads workspace files.
Persistence & Privilege
note: always is false and there is no install persistence. The skill can be invoked autonomously by the agent by default (platform normal), which expands reach but is not unusual; there is no indication it modifies other skills or system-wide settings.