Skill v1.0.0
ClawScan security
Shang Tsung · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 12, 2026, 9:53 PM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's files and runtime instructions are coherent with its stated purpose (local, file-based persistent memory); it only reads/writes Markdown in a workspace and the included shell script performs only local filesystem operations.
- Guidance: This skill appears to do what it claims: local, file-based persistence. Before installing, (1) review scripts/souls-helper.sh yourself (it's small) to confirm the target directory is correct; (2) store your workspace in a location you control — memory files may contain personal or sensitive context; (3) if other skills or your agent runtime have network access, be aware those components could read and transmit the same Markdown files — the skill itself does not exfiltrate data; (4) prefer setting SOULS_DIR explicitly if you want to avoid accidental writes outside an expected path; and (5) verify the upstream repository if provenance matters (skill.json points to a GitHub repo). If you need enforced privacy guarantees (not just guidance), consider additional runtime controls (restrict network access, limit which sessions can read MEMORY.md).
Review Dimensions
- Purpose & Capability (ok): Name/description (persistent memory, SOULS, Second Brain) match the contents: documentation + a single bash helper that creates/reads numbered soul files and manages workspace-local memory files. No extraneous credentials, network access, or unrelated binaries are requested.
- Instruction Scope (note): SKILL.md instructs the agent to read/write local files (SOUL.md, PROOF_OF_LIFE.md, MEMORY.md, memory/*, souls/*) which is expected for a persistence system. The docs advise loading MEMORY.md only in private sessions (a privacy policy, not an enforced guard). Users should note these files may contain personal context and that the guidance relies on agent behavior rather than an enforcement mechanism.
- Install Mechanism (ok): Instruction-only skill with a single included script; no install spec, no downloads, no external packages. The helper is pure bash and the README/SECURITY.md accurately describe its local-only nature.
- Credentials (ok): No secrets or unusual environment variables are required. Optional variables (AGENT_NAME, SOULS_DIR, WORKSPACE) are reasonable for namespacing and path overrides and align with the documented functionality.
- Persistence & Privilege (ok): Skill is not always:true and has no elevated platform privileges. It writes only to the workspace (user-specified path) and does not modify other skills or global agent configuration. Autonomous invocation is allowed by default (platform normal) but the skill's actions remain local.
