Plugin v1.0.0

ClawScan security

solana-deploy-memory-hook · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 18, 2026, 12:40 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The code, SKILL.md, and hook metadata are internally consistent: the package only reads/writes workspace memory markdown files and injects a generated MEMORY.md into the agent bootstrap context.
Guidance
This hook appears to do what it says: it will create/ensure memory/*.md files and write a workspace-level MEMORY.md, then add that file to the agent bootstrap context. Before installing, confirm that (1) the workspace.dir referenced is the intended workspace, (2) the memory files do not contain any secrets you don't want visible to the agent (anything added to MEMORY.md becomes part of bootstrap context), and (3) you trust the plugin source. If you want extra assurance, inspect handler.ts locally (it is short and readable) before enabling the hook. Otherwise it is low-risk and scoped to the workspace files only.

Review Dimensions

Purpose & Capability
ok: The hook's name/description match the included files and handler.ts implementation. All required metadata (events, required config workspace.dir) are present and used as expected. There are no extra credentials, binaries, or unrelated capabilities requested.
Instruction Scope
ok: The runtime instructions and handler only read/write files under the workspace (memory/*.md and workspace/MEMORY.md) and mutate the bootstrapFiles array. There are no network calls, no access to unrelated system paths, and no instructions to collect or transmit data outside the workspace. It explicitly states it does not store secrets.
Install Mechanism
ok: No install spec is embedded in the registry entry (instruction-only). README/INSTALL recommend installing the plugin archive via OpenClaw; that is a normal distribution method for hooks. No downloads from arbitrary URLs or extract operations are present in the package metadata. The repository includes the hook source (handler.ts), which will be installed as part of the plugin—this is expected.
Credentials
ok: The skill requests no environment variables, no credentials, and its HOOK.md/openclaw.plugin.json declare only a workspace.dir config requirement, which the handler uses. There are no secret-like env names or unrelated credential requests.
Persistence & Privilege
ok: always is false and the hook only registers for the agent:bootstrap event. It does not modify other skills or global agent configuration. Its persistent effect is limited to adding MEMORY.md into bootstrapFiles for sessions in the workspace.