Back to skill
Skillv0.1.0
ClawScan security
Memory Research · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 12, 2026, 3:43 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's instructions, requirements, and actions are consistent with its stated purpose (web research and creating/updating Basic Memory notes); it asks for no unusual credentials or installs and operates within the expected scope.
- Guidance
- This skill appears coherent and does what it says: perform web research and create or update Basic Memory notes with your approval. Before installing, confirm the agent environment provides the search and note-write primitives (search_notes, write_note, edit_note) and that you are comfortable with the agent storing researched information in your knowledge base. Be mindful that the skill may collect and store public personal information about people — if you have policies about collecting or retaining PII, restrict use or ask the agent to omit sensitive fields. Finally, verify sources cited in summaries and revoke the skill if it creates notes you did not expect.
Review Dimensions
- Purpose & Capability
- okName/description (research + synthesize into Basic Memory) align with the instructions: web searches, summarization, and use of search_notes/edit_note/write_note to create or update memory entities. Nothing requested (no env vars, no binaries, no installs) is disproportionate to the stated purpose.
- Instruction Scope
- okSKILL.md confines actions to web research, checking/updating the Basic Memory store, producing a structured summary, asking the user for approval before creating notes, and citing sources. It does not instruct reading unrelated local files, environment variables, or sending data to external endpoints beyond citing web sources.
- Install Mechanism
- okInstruction-only skill with no install spec and no code files. This minimizes on-disk persistence and arbitrary code execution risk.
- Credentials
- okNo required environment variables, credentials, or config paths are declared; the skill's operations (web search and memory write) match that minimal footprint. The only sensitive action is creating notes (write_note/edit_note), which is intrinsic to the skill's purpose.
- Persistence & Privilege
- okalways is false and the skill does not request elevated platform privileges. It instructs creating/updating its own memory entities (expected behavior) and does not modify other skills or system-wide configs.