Skill v0.1.0
ClawScan security
Memory Schema · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 12, 2026, 2:08 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions, required capabilities, and requested access are coherent with its stated purpose (managing and validating memory schemas); it is an instruction-only skill that reads and writes schema/notes and asks for no external credentials or installs.
- Guidance: This skill is internally consistent with schema management, but before using it: (1) confirm your agent runtime actually provides the referenced note APIs (search_notes, schema_infer, write_note, schema_validate, schema_diff); otherwise the instructions will be ineffective; (2) understand the skill will read and write your memory/notes—back up important notes before bulk schema edits; (3) test schema inference and validation on a small sample to avoid accidental breaking changes, and start with settings.validation: warn before switching to error mode; (4) because it is instruction-only (no install), the SKILL.md is the whole attack surface—it requests no credentials, but only install/use skills you trust to modify your notes.
Review Dimensions
- Purpose & Capability: ok. The name/description (schema lifecycle for Basic Memory) matches the SKILL.md actions: discovering unschemaed notes, inferring schemas, writing schema notes, validating notes, and detecting drift. The functions referenced (search_notes, schema_infer, write_note, schema_validate, schema_diff) are consistent with the stated purpose.
- Instruction Scope: ok. Instructions stay within schema management: they describe how to find notes, infer schemas from note content, write schema notes to schema/, validate notes, and detect drift. They do not ask to read unrelated files, request secrets, or transmit data to external endpoints. Note: the SKILL.md assumes the agent runtime exposes specific note-management APIs (search_notes, write_note, etc.); if those APIs are missing or behave differently, the skill's behavior will be undefined.
- Install Mechanism: ok. There is no install spec and no code files; this lowers risk because nothing is downloaded or written by an installer. The entire runtime surface is the SKILL.md instructions.
- Credentials: ok. The skill declares no environment variables, no credentials, and no config paths. The operations described logically require read/write access to the agent's memory/notes (expected for this purpose) but request no unrelated secrets.
- Persistence & Privilege: ok. always is false and the skill does not request persistent or elevated platform privileges. It is user-invocable and can run autonomously per platform defaults, which is expected for a utility skill of this kind.
