Skill v1.1.0

ClawScan security

Memi · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 8, 2026, 1:13 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's requirements and runtime instructions are internally consistent with a personal CRM: it stores data in a local SQLite DB, optionally integrates with Google via a `gog` binary, and does not request unrelated credentials or install arbitrary code.
Guidance
Plain-language considerations before installing:

- Data locality & sensitivity: The skill will create and maintain a SQLite DB at ~/.local/share/memi-ri/memi.db containing your contacts, notes, commitments, and relationship metadata. Treat that file as sensitive and back it up/encrypt it if needed.
- Google integration: If you install/enable the optional 'gog' tool or grant Google access, the skill can read Calendar, Gmail, and Contacts. Limit permissions (use a secondary Google account or fine-grained OAuth scopes) if you don't want full mailbox/calendar access.
- No install script, but unknown source: This is an instruction-only skill with no bundled code, which lowers installer risk, but the package's source/owner is unknown and there is no homepage; consider that before granting persistent access to sensitive data.
- LLM provider exposure: Some processing (parsing, drafting messages, behavioral patterning) will involve the LLM provider you have configured in OpenClaw; if that provider is external, sensitive snippets sent to it may leave your machine. Confirm your provider's privacy policy or limit what you send.
- Image and screenshot handling: The skill mentions scanning photos/business cards/LinkedIn screenshots but doesn't specify whether OCR or image recognition happens locally or via an external service; ask or test with non-sensitive images first.

Recommendations:

- If you want to try it, use a limited Google account or deny 'gog' integration initially.
- Inspect or export the DB after a trial and delete it on uninstall.
- If you need higher assurance, ask the skill author for a homepage/repo or request explicit details about OCR/image processing and exact Gmail/Calendar scopes.

Confidence note: Assessment is based on the provided SKILL.md and README; because the skill comes from an unknown source and no code is bundled for deeper inspection, confidence is medium. If you can obtain the skill's upstream source code or an author link, that would raise confidence.

Review Dimensions

Purpose & Capability
ok
Name/description (personal CRM, relationship intelligence) match the declared requirements: sqlite3 for local storage and an optional 'gog' binary for Google Calendar/Gmail/Contacts integration. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope
note
SKILL.md instructs the agent to persistently store and update a local DB at ~/.local/share/memi-ri/memi.db and to extract contact, calendar, and email data (when 'gog' is available). That scope is consistent with a CRM, but the instructions are broad: they cover image/receipt/LinkedIn screenshot scanning and ongoing behavioral learning. The doc does not instruct reading unrelated system files or unlisted env vars, but it grants the agent wide latitude to collect sensitive personal data and to call the configured LLM provider for processing.
Install Mechanism
ok
This is an instruction-only skill with no install spec and no bundled code; nothing is downloaded or written at install time beyond what the agent itself would create at runtime (the local SQLite DB). This is the lowest install risk.
Credentials
ok
No environment variables or secrets are required. Google integration is optional and appears to rely on the user's OAuth flow via a local 'gog' tool rather than on embedded keys, which is proportionate. The persistent local DB is sensitive and proportional to the skill's stated purpose.
Persistence & Privilege
ok
The skill stores persistent data in its own DB under the user's home directory (expected for a CRM). It is not marked 'always:true' and does not request system-wide configuration changes or other skills' credentials. Note that autonomous invocation is enabled by default on the platform (not a specific flag here).