ClawHub
Back to skill
v1.0.0

Codon

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:13 AM.

Analysis

Codon appears to be a straightforward local memory-folder organizer; it only creates and uses workspace files, but those files can persistently store personal or business notes.

GuidanceCodon looks safe for its stated purpose if you want a simple local markdown memory system. Before installing, understand that it will create a persistent MEMORY folder in your workspace and that whatever the agent records there may be reused later, so do not store secrets or sensitive personal/business data unless you are comfortable keeping it in workspace files.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution
SeverityInfoConfidenceHighStatusNote
SKILL.md
If `MEMORY/` does not exist in this workspace, run it once:

```
bash {baseDir}/init.sh
```

The skill asks for execution of a bundled shell script during setup. The included init.sh shows this is a disclosed, purpose-aligned initializer that creates MEMORY folders and index files.

User impactRunning the setup changes the workspace by creating a MEMORY directory and markdown index files.
RecommendationRun the initializer only in the workspace where you want persistent memory created, and review init.sh first if you want to confirm the exact files it will add.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
SKILL.md
Write to `MEMORY/<area>/<XX.YY-description>.md` ... People | Contacts, clients, team members

The skill is designed to persist agent memory in markdown files, including potentially personal or business information such as contacts, clients, team members, projects, and work notes.

User impactInformation stored there can persist across future agent tasks and may influence later responses if the agent reads it back.
RecommendationAvoid storing secrets or highly sensitive data, periodically review the MEMORY directory, and remove or correct outdated or untrusted entries.