Skill v1.0.0
ClawScan security
Agent Memory Architecture · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 11, 2026, 9:17 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally coherent: it's an instruction-only, file-based memory architecture and its requirements and instructions align with that purpose.
- Guidance: This skill is coherent and appears to do what it says, but before installing or enabling it consider the following:
  - (1) Provenance: the source/homepage is unknown; prefer skills from a known maintainer or review the full SKILL.md and templates yourself.
  - (2) Sensitive data: do not store secrets, API keys, or plaintext credentials in these memory files; the templates encourage documenting 'infrastructure' and 'credentials locations' which is risky if misused.
  - (3) File protections: restrict file permissions on workspace/memory, consider encrypting those files at rest, and plan retention/secure-deletion policies.
  - (4) Autonomy impact: because the agent will read/write these files across sessions, test the behavior in a sandboxed agent first to ensure it doesn't record or leak private data inadvertently.
  - (5) Posting behavior: the platform-posts template contains URLs; ensure any automated posting workflows check for duplicates and require explicit operator approval before posting.

  If you want to proceed: review and sanitize templates to remove any fields that might encourage storing credentials, set strict file permissions, and run the skill in a restricted environment until you’re comfortable with its behavior.
Review Dimensions
- Purpose & Capability (ok): Name/description (agent memory, long-term logs, heartbeat, cron inbox, platform-posts, strategy notes) matches the provided SKILL.md and templates. There are no unrelated required binaries, environment variables, or installs that would be inconsistent with a file-based memory system.
- Instruction Scope (ok): SKILL.md focuses on creating/reading/writing files under workspace/memory and templates; it does not instruct the agent to read arbitrary system files, call unknown external endpoints, or exfiltrate data. It does instruct the agent to load 'today + yesterday' logs at session start and to process/clear cron-inbox entries, which is consistent with the stated message-bus design.
- Install Mechanism (ok): No install spec and no code files; the skill is instruction-only. This minimizes disk-write and supply-chain risk because nothing is downloaded or executed as part of installation.
- Credentials (ok): The skill declares no required environment variables, credentials, or config paths. Templates mention 'Infrastructure' and 'credentials locations' only as fields to document in MEMORY.md (a documentation recommendation), which is not the same as requesting credentials from the environment.
- Persistence & Privilege (note): The skill is intended to persist files under workspace/memory (writes/reads/clears). It does not request elevated privileges or 'always:true', but persistent storage itself means sensitive data may be kept across sessions, so consider access controls. Autonomous invocation is allowed (platform default), which is expected for a memory utility.
