Skill v1.0.0
ClawScan security
A powerful memory management system powered by ReMe that provides persistent cross-session memory, automatic user preference application, and intelligent context compression for OpenClaw. · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 7, 2026, 9:13 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and file I/O are consistent with a ReMe-based persistent memory manager, but it persistently stores conversation data and can auto-send files; review retention, autosend behavior, and the external reme-ai dependency before use.
- Guidance: This skill appears to do what it claims (a local ReMe-based memory manager). Before installing or enabling it, check the following:
  1) Inspect or vet the reme-ai package (pip dependency) to confirm it doesn't send data to remote services you don't trust.
  2) Review and control where .reme, MEMORY.md, and memory/*.md are stored and backed up: they will contain conversation text and preferences, which may include sensitive data.
  3) Disable or audit any automatic 'send file' behavior (message.send) if you do not want files forwarded without an explicit user confirmation.
  4) Decide retention and cleanup policies (retention_days/backups) or add encryption/access controls if needed.
  5) If you are uncertain how reme-ai runs (local vs cloud), test the skill in a sandboxed environment first.

  These are operational privacy risks rather than indicators of incoherence with the stated purpose.
Review Dimensions
- Purpose & Capability (ok): Name/description (persistent memory, preferences, compression) align with the included scripts and docs: init/search/add/save scripts use a ReMeLight API and read/write under .reme/memory/MEMORY.md. No unrelated credentials, binaries, or config paths are requested.
- Instruction Scope (note): SKILL.md and scripts instruct the agent to initialize ReMe each session, search/add memories, and write daily summaries and MEMORY.md files. This is in-scope, but the skill also recommends automatic 'message.send(path=...)' behavior for auto-sending generated files and instructs saving full session messages, both of which can persist or transmit user content without additional consent. That behavior is expected for a memory manager but raises operational caution (automatic sending, unfiltered storage of conversation text).
- Install Mechanism (ok): The package is instruction-only for the platform (no automated install spec). SKILL.md and README advise 'pip install reme-ai' but the skill does not embed downloads or arbitrary external URLs. The only external dependency is the reme-ai package, which the user/installer must evaluate separately.
- Credentials (note): No environment variables, credentials, or surprising config paths are requested, only local working directories (.reme, memory/, tool_result/). However, the skill persists full session messages, summary files, tool outputs, and backup/archive commands; these behaviors can retain sensitive data. The autosend preference (automatic message.send) could cause unintended transmission of files that include secrets. No explicit encryption/access control is shown.
- Persistence & Privilege (ok): always:false and no system-wide config changes are requested. The skill writes and manages its own working directory (.reme) and memory files (expected for this functionality). Autonomous invocation is allowed by default (normal); combined with persistent storage and autosend, this increases blast radius, but autonomy itself is not a mismatch.
