Skill v1.0.0

ClawScan security

Mother.skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Apr 10, 2026, 3:02 PM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's claimed purpose (local, personal memory preservation) and manifest are mostly coherent, but the SKILL.md contains detected unicode control characters (a common prompt‑injection signal) and the package has unknown provenance — review hidden characters and origin before installing.
Guidance
This skill appears to do what it says (local preservation of memories) but exercise caution because the SKILL.md contains detected invisible unicode control characters and the package provenance is unknown. Before installing:
(1) Inspect the raw files (SKILL.md, README) in a hex/verbose text viewer or an editor that shows invisible characters and remove any control characters (look for U+202E RLO, U+200F, U+200E, etc.).
(2) Verify the author/source (repo, release, and checksums) or prefer a published package from a known maintainer.
(3) Run the skill in a sandboxed environment or with network access disabled if you want to be extra safe — although the skill claims no external transmission, a compromised agent runtime or hidden instructions could still attempt to exfiltrate data.
(4) If you are uncomfortable doing this review, do not install or only install from a verified upstream source.
Additional information that would raise confidence: a known/github-hosted repository with commit history, signed release artifacts, or a clear explanation of why the SKILL.md contained control characters (e.g., accidental copy/paste).
Findings
[unicode-control-chars] unexpected: Prompt-injection / invisible-unicode control characters are not necessary for a local memory-preservation SKILL.md and could indicate an attempt to hide or manipulate instructions. Because this package is instruction-only, hidden characters are a meaningful risk.

Review Dimensions

Purpose & Capability
ok: Name, description, templates, and instructions all align: a local, instruction-only skill that stores user-provided memories under ~/.mother-skill/. There are no unexpected binaries, env vars, or external-service credentials required.
Instruction Scope
concern: The SKILL.md directs the agent to persistently load and store user memories locally and to 'always load her profile before responding' — consistent with purpose. However, a prompt-injection signal (unicode-control-chars) was detected inside SKILL.md; invisible control characters (e.g., RLO, LTR/RTL overrides) can be used to hide or alter instructions and could manipulate agent behavior or reviewers. Because this is an instruction-only skill, hidden text is the primary attack surface.
Install Mechanism
ok: No install spec or downloaded code — lowest risk install profile. The only on-disk writes described are the user data files under ~/.mother-skill/, which match the skill's purpose.
Credentials
ok: No environment variables, credentials, or config paths are requested. Storage and behavior described are local and proportional to the stated functionality.
Persistence & Privilege
ok: always=false (not forced everywhere). The skill asks to persist user data under the user's home directory, which is expected. It does not request elevated system privileges or modify other skills according to the provided files.