Claw Store Skill
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its memory-storage purpose, but it can persist sensitive agent memory off-device and prints the encryption key in command output.
Install only if you are comfortable using a third-party remote memory service for agent state. Avoid saving passwords, API keys, or highly sensitive personal data; review what is saved; protect the encryption key; and do not run keygen or first-save flows where command output may be logged or shared.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who sees the command output or logs could obtain the encryption key and decrypt stored memories if they can access the encrypted data.
The encryption key used to decrypt stored memories is saved locally in plaintext and printed to command output when generated; the keygen command also prints the active key. In agent/tool runs, command output can be logged or exposed.
_KEY_FILE.write_text(key_hex) ... export JACKAL_MEMORY_ENCRYPTION_KEY={key_hex} ... file=sys.stderr
Avoid printing the encryption key in agent-visible output, restrict key-file permissions, and require an explicit user action through a secure channel before revealing or backing up the key.
Private details, credentials, or instructions could be saved and reused across future sessions, and plaintext memory may appear in command logs or process history.
The skill encourages persistent remote memory saves and says the content may be sensitive, while the main save interface places plaintext memory directly in the command invocation before encryption.
python {baseDir}/jackal-memory/client.py save <key> <content> ... Call save at session end or on significant state changes ... Treat memory content as sensitive
Save only user-approved, redacted memories; do not store credentials; prefer stdin or a protected file/structured tool interface over command-line plaintext; treat loaded memory as untrusted context.
Installing the latest package from PyPI carries normal dependency supply-chain risk.
The dependency is purpose-aligned for encryption, but the setup instruction does not pin a version or provide a lockfile/install spec in the artifacts.
Install dependency: `pip install cryptography`
Install dependencies from a trusted environment and consider pinning or locking the cryptography version.
