Skill v0.1.0
ClawScan security
OpenMemo Memory – Persistent Memory for OpenClaw Agents · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 11, 2026, 7:19 AM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and requirements are coherent with its stated purpose: it implements a local-first persistent memory adapter for OpenClaw agents and does not request unrelated credentials or remote access by default.
- Guidance: This skill appears to do what it claims and is local-first by default, but review these points before installing:
  - The skill talks to an OpenMemo server (default http://localhost:8765). It will not contact remote endpoints unless you explicitly change the endpoint and set allow_remote=True; do not do that unless you trust the remote service.
  - The memory tools encourage storing decisions, rationale, and error details. Avoid writing secrets (passwords, API keys, PII) into memories, or configure retention/access controls in your OpenMemo adapter.
  - Installing requires running third-party packages (openmemo, openmemo-openclaw) via pip and starting a local server (openmemo serve). Inspect those packages (PyPI/GitHub) if you need to verify their behavior before running.
  - Running a local server exposes an HTTP endpoint on your machine; run it with appropriate filesystem and network restrictions and monitor which processes/users can access it.

  What would change this assessment: evidence of hard-coded remote endpoints, requests for unrelated credentials or config paths, or code that attempts to read system files/network resources beyond the local adapter would be suspicious. If you want extra assurance, review the OpenMemo adapter source and run it in an isolated environment before connecting it to production agents.
Review Dimensions
- Purpose & Capability (ok): Name/description (persistent, scene-aware memory, task deduplication) match the included code, tools, and README. The skill exposes three tools (recall_memory, write_memory, check_task_memory) and only communicates with a local OpenMemo adapter; it does not request unrelated environment variables or binaries.
- Instruction Scope (note): SKILL.md instructs the agent to call check_task_memory before tasks and to write structured memories (decisions, rationale, errors) after tasks; this is in scope for a memory system. Be aware that this encourages storing operational decisions and rationale, which can contain sensitive information; the skill itself does not exfiltrate data, but what gets written may be sensitive.
- Install Mechanism (note): No automated install spec included (instruction-only); the README/SKILL.md recommend 'pip install openmemo openmemo-openclaw' and running 'openmemo serve'. That is a normal, low-risk install pattern (PyPI packages). The package itself depends on 'requests' and performs only local HTTP calls; no downloads from arbitrary URLs or archive extraction are present in the skill code.
- Credentials (ok): The skill requires no environment variables or credentials. SkillConfig defaults to 'http://localhost:8765' and explicitly rejects non-local endpoints unless allow_remote=True is passed, preventing unintended remote exfiltration by default.
- Persistence & Privilege (ok): always is false and the skill can be invoked autonomously (platform default). The skill does not request persistent system-wide privileges or modify other skills' configurations. Its runtime behavior is limited to contacting a local adapter and returning results.
