Skill v1.0.0

ClawScan security

Memory Auto Index · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Apr 16, 2026, 10:32 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions, paths, and behaviors match its stated purpose (auto-indexing local MEMORY.md and memory/ files), but because it relies on running local shell scripts that are not provided there is a moderate need for caution (review scripts and sanitize inputs before use).
Guidance
This skill is coherent with its purpose, but you should NOT run it blindly. Before use: (1) review any scripts referenced (scripts/auto-index-memory.sh, build-memory-index.sh) to ensure they do only the expected local edits and do not call remote endpoints; (2) avoid constructing shell commands with unescaped user-controlled values — prefer passing arguments safely or using libraries instead of exec with interpolated strings to prevent command injection; (3) back up MEMORY.md before running automated edits and ensure scripts run with least privilege (not world-writable/executable by untrusted users); (4) if you add semantic-search features, check whether they send data to external services and whether that is acceptable. If you want higher assurance, provide the actual script contents for review.

Review Dimensions

Purpose & Capability
ok
Name/description describe indexing MEMORY.md and memory/ content, and the SKILL.md only references local files and local helper scripts (scripts/auto-index-memory.sh, build-memory-index.sh). No unrelated credentials, binaries, or external services are requested; functional scope matches purpose.
Instruction Scope
note
Instructions explicitly call local shell scripts and operate on MEMORY.md and memory/*.md files (expected). However, the examples show constructing shell commands by interpolating subject/tags into an exec call, which risks command injection if inputs are not escaped; SKILL.md also recommends grep-based maintenance that will read repository files (also expected).
Install Mechanism
ok
No install spec and no code files are included (instruction-only). That minimizes installer risk, but also means the actual scripts referenced are not present for review; the user must add and review them locally.
Credentials
ok
No environment variables, credentials, or config paths are requested. All file accesses are to MEMORY.md and memory/ (consistent with purpose).
Persistence & Privilege
ok
Skill is not always-enabled and does not request elevated platform privileges. It instructs local script execution only; nothing suggests it will modify other skills or global agent configuration.