Claw Store 1.3.3
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill’s memory-storage purpose is coherent, but it handles high-value wallet and encryption secrets and has concrete secret-output and dependency risks that deserve careful review.
Install only if you trust the publisher, runtime API host, and Jackal dependency chain. Keep command output private during first setup, avoid putting unrelated secrets in the skill’s .env file, and do not store highly sensitive memories until the encryption-key output and deprecated crypto dependency concerns are addressed.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the generated encryption key appears in logs or chat, anyone with that key and access to the stored ciphertext could decrypt the saved memories.
When a new encryption key is generated, the code prints the full key to stderr. Because save/load operations may be agent-invoked, this secret can end up in tool output, logs, or chat context rather than only in an explicit user backup flow.
print(... "Your memories are encrypted with this key. Back it up:\n" f" export JACKAL_MEMORY_ENCRYPTION_KEY={key_hex}\n", file=sys.stderr)
Only reveal the encryption key through an explicit user-requested backup command, suppress secret values from agent-visible stderr, and rotate the key if it has already appeared in logs or chat.
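The following is an added illustration of the recommendation above, not code from the Claw Store skill or from ClawScan. It keeps the generated key out of anything an agent can see: the only stderr message names the key file and a hash fingerprint, and the raw `export JACKAL_MEMORY_ENCRYPTION_KEY=...` line is produced solely by a separate backup function. The key-file location, the `fingerprint` and `export_for_backup` helpers, and the owner-only file mode are assumptions for this example.

```python
import hashlib
import os
import secrets
import sys
import tempfile
from pathlib import Path

# Variable name as quoted in the audit; the key-file layout is an assumption.
ENV_VAR = "JACKAL_MEMORY_ENCRYPTION_KEY"


def fingerprint(key: bytes) -> str:
    """Short, non-reversible identifier that is safe to log or show an agent."""
    return hashlib.sha256(key).hexdigest()[:12]


def creation_notice(key: bytes, key_file: Path) -> str:
    """Agent-visible message for a freshly generated key: it names where the
    key lives and its fingerprint, never the key material itself."""
    return (f"New memory encryption key written to {key_file} "
            f"(fingerprint {fingerprint(key)}). Run the backup command to export it.")


def load_or_create_key(key_file: Path, environ=None) -> bytes:
    """Return the 32-byte memory encryption key.

    Precedence: the environment variable, then the key file. If neither exists,
    generate a key, write it to key_file with owner-only permissions and print
    only creation_notice() to stderr.
    """
    environ = os.environ if environ is None else environ
    env_val = environ.get(ENV_VAR)
    if env_val:
        return bytes.fromhex(env_val)
    if key_file.exists():
        return bytes.fromhex(key_file.read_text().strip())
    key = secrets.token_bytes(32)
    # O_EXCL: fail instead of silently overwriting a key that appeared concurrently.
    fd = os.open(key_file, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(key.hex())
    print(creation_notice(key, key_file), file=sys.stderr)
    return key


def export_for_backup(key: bytes) -> str:
    """The only place the raw key is rendered. Call it solely from an explicit,
    user-requested backup command, never from the save/load path."""
    return f"export {ENV_VAR}={key.hex()}"


def run_demo() -> dict:
    """Exercise the flow in a temporary directory and report checkable facts."""
    with tempfile.TemporaryDirectory() as tmp:
        key_file = Path(tmp) / "memory.key"
        first = load_or_create_key(key_file, environ={})
        second = load_or_create_key(key_file, environ={})  # reloaded, no new notice
        return {
            "key_len": len(first),
            "stable": first == second,
            "posix": os.name == "posix",
            "mode": os.stat(key_file).st_mode & 0o777,
            "notice_leaks_key": first.hex() in creation_notice(first, key_file),
            "backup_line": export_for_backup(first),
            "key_hex": first.hex(),
        }


if __name__ == "__main__":
    print(run_demo())
```

Because `creation_notice` is a pure function, a unit test can assert that the key never appears in what reaches stderr; the same check is a cheap regression guard against someone later adding the key back into the message.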
Unrelated secrets placed in that .env file may become available to the Node process and its dependencies.
The JS helper loads every variable from a parent .env file, not just Jackal-specific variables. This is not evidence of exfiltration, but it broadens the credential surface for a networked wallet/storage helper.
const envPath = path.join(__dirname, '..', '.env'); ... if (m) process.env[m[1]] ??= m[2].replace(/^['"]|['"]$/g, '');
Keep unrelated secrets out of the skill’s .env file, or restrict the loader to the specific JACKAL-related variables the skill needs.
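As an added example (not the skill's JS helper and not ClawScan's code), here is the allow-listed variant of the loader, written in Python to match the skill's other code. It parses the same `KEY=value` lines, keeps the helper's "existing value wins" precedence (`??=`), and copies only the named Jackal variables into the environment while reporting which others were ignored. `JACKAL_MEMORY_ENCRYPTION_KEY` is the variable quoted in this audit; `JACKAL_MNEMONIC` and `JACKAL_RPC_URL` are assumed names, and the sample `.env` content is constructed.

```python
import os
import re

# Only the variables the skill itself needs. JACKAL_MEMORY_ENCRYPTION_KEY is
# quoted in the audit; the other two names are assumptions for illustration.
ALLOWED_VARS = frozenset({
    "JACKAL_MEMORY_ENCRYPTION_KEY",
    "JACKAL_MNEMONIC",
    "JACKAL_RPC_URL",
})

# KEY=value with an optional leading "export"; quotes are handled below.
LINE_RE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")


def parse_dotenv(text: str) -> dict:
    """Parse .env text into a dict. Blank lines and # comments are skipped and
    a matching pair of surrounding quotes is removed from the value."""
    result = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        result[key] = value
    return result


def load_dotenv_restricted(text: str, allowed=ALLOWED_VARS, environ=None):
    """Copy only allow-listed variables into the environment without
    overriding values already present (same precedence as the helper's ??=).
    Returns (loaded, skipped) name lists so the caller can log what was ignored."""
    environ = os.environ if environ is None else environ
    loaded, skipped = [], []
    for key, value in parse_dotenv(text).items():
        if key not in allowed:
            skipped.append(key)
            continue
        if key in environ:
            continue
        environ[key] = value
        loaded.append(key)
    return loaded, skipped


# Constructed sample .env: two skill variables plus unrelated credentials that
# a blanket loader would also hand to the Node process and its dependencies.
SAMPLE_DOTENV = """
# constructed sample, not a real file
JACKAL_MEMORY_ENCRYPTION_KEY="00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
export JACKAL_MNEMONIC='example mnemonic words go here'
OPENAI_API_KEY=sk-constructed-placeholder
AWS_SECRET_ACCESS_KEY="constructed-placeholder"
"""


def demo():
    """Run the loader against the sample with one variable pre-set by the shell."""
    env = {"JACKAL_MNEMONIC": "already-set-by-shell"}
    loaded, skipped = load_dotenv_restricted(SAMPLE_DOTENV, environ=env)
    return env, loaded, skipped


if __name__ == "__main__":
    env, loaded, skipped = demo()
    print("loaded:", loaded)
    print("skipped (not Jackal-related):", skipped)
    print("environment now has:", sorted(env))
```

Logging the `skipped` list at startup also gives the user a concrete signal that unrelated credentials are sitting in the skill's `.env` file and should be moved elsewhere.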
A vulnerable signing dependency could increase risk to the wallet used for Jackal storage operations.
The dependency chain includes a crypto package warning about private-key risk, while the skill uses a Jackal mnemonic/private key to control storage ownership.
"deprecated": "This uses elliptic for cryptographic operations, which contains several security-relevant bugs... private keys might still be at risk."
Update to Jackal/CosmJS dependencies that no longer carry this warning, pin reviewed versions, and document any residual wallet-key risk before users store sensitive memories.

Saved memory may influence future agent behavior and may retain sensitive information longer than expected, even though the content is described as client-side encrypted.
The skill intentionally stores and reloads agent memory across sessions. This is expected for the purpose, but persistent memory can carry sensitive facts or instruction-like content into future sessions.
Persist your memory across sessions and machines... Load your identity/memory blob on startup before doing any work... Call save at session end or on significant state changes.
Review what is saved, avoid storing secrets unless necessary, and clear or rotate memory if it becomes outdated, sensitive, or potentially poisoned.
