Back to skill
Skillv1.0.1
ClawScan security
Openclaw Auto Dream Lite · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 22, 2026, 7:16 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent with its stated purpose (periodic consolidation of local workspace memory files), requests no credentials or installs, and only operates on workspace memory files.
- Guidance
- This skill appears to do exactly what it says: periodic, local consolidation of memory files. Before installing, ensure you: (1) are comfortable with the agent having read/write access to MEMORY.md and files in memory/ (it will backup MEMORY.md.pre-dream and can restore), (2) review existing MEMORY.md and daily log contents for any sensitive data you wouldn't want processed, (3) test the first dream run manually in an isolated workspace to verify behavior, and (4) note the SKILL.md mentions MyClaw.ai only as a provider reference but the prompts do not invoke external network calls — if you later modify the skill or add scripts, re-check for any outgoing endpoints. If you need stricter guarantees, lock sensitive files or run the skill in an isolated agent/session.
Review Dimensions
- Purpose & Capability
- okName/description (daily memory consolidation) matches the instructions: reading daily logs, updating MEMORY.md, adding consolidation markers, and writing a dream log. No unrelated credentials, binaries, or external services are required by the runtime instructions.
- Instruction Scope
- okSKILL.md and the dream-prompt only reference workspace files under memory/, MEMORY.md, and the skill's reference files. The steps are specific (backup, count files, consolidate, append markers, archive logs, produce a short notification) and do not instruct reading unrelated system paths, environment variables, or sending data to external endpoints.
- Install Mechanism
- okInstruction-only skill with no install spec and no code to write to disk. This minimizes risk and aligns with the lightweight description.
- Credentials
- okNo environment variables, credentials, or config paths are required. All file access mentioned is limited to workspace memory files and the skill's own references.
- Persistence & Privilege
- okThe skill does not request always:true or modify other skills or agent-wide config. It runs via cron/agent turn per the instructions and writes only to MEMORY.md and memory/ files as described.