dob
ReviewAudited by ClawScan on May 10, 2026.
Overview
This is a persistent “deep memory” skill, but it is advertised as a generic toolbox and asks the agent to store long-term notes and run helper scripts that are not included.
Review before installing. Use it only if you want a persistent workspace-level memory store. Do not store secrets or private project details, require explicit approval before adding memories, and do not run the referenced Node scripts unless you can verify they are actually included and safe.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Setup may fail, or the agent may execute code whose source was not included in the reviewed skill package.
The provided manifest contains only SKILL.md/no code files, while the skill asks to run a Node script from `skills/depth-memory`, not the `dob` skill. If followed, the agent could depend on absent or unrelated local code.
skill 安装后需要运行初始化脚本... `node skills/depth-memory/scripts/setup.mjs`
Do not run the referenced scripts unless they are present in the installed skill package and have been inspected. Prefer manual creation of the documented files until the package is corrected.
Private, outdated, or maliciously crafted information could be retained and reused in later tasks without the user realizing it.
The instructions encourage the agent to proactively create persistent reusable memory from read content and to write/edit the memory index directly, without explicit approval, retention, deletion, or untrusted-content handling boundaries.
读完一篇文档/博客,主动提取关键内容存入 deep-memory ... 直接用 `write` 工具写文件 + 手动编辑 `DEEP-MEMORY.md`
Require explicit user approval before adding entries, avoid secrets or private project details, mark stored content as untrusted context, and provide a clear deletion/cleanup process.
A user could install it expecting a simple toolbox without realizing it creates and consults long-term memory files.
The public description is generic and does not tell users that the skill manages persistent workspace memory; SKILL.md discloses the behavior, but the registry description under-states it.
Description: 工具箱。
Rename or redescribe the skill to clearly state that it is a persistent deep-memory/knowledge-base tool.