Skillv1.0.0

ClawScan security

Claw Store Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 28, 2026, 3:57 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's code, instructions, and requested environment variables are coherent with a client that encrypts data locally and sends it to a remote Jackal-backed service; nothing in the bundle attempts to access unrelated credentials or system areas.
Guidance: This package appears to do what it says: it encrypts memories locally and sends ciphertext to a remote service. Before installing, consider: (1) Trust the remote host (https://web-production-5cce7.up.railway.app) because while it cannot read your plaintext, it will see key names, sizes, and CIDs and will accept requests guarded by your JACKAL_MEMORY_API_KEY. (2) Securely back up your encryption key — losing it makes data unrecoverable; leaking it lets an attacker decrypt stored memories. The client prints the key on keygen and will create ~/.config/jackal-memory/key, so avoid running keygen in shared logs or shells. (3) If you need stronger assurance, self-host the server endpoint or audit the server code; you can also review the included client.py (provided) to confirm no hidden behavior. (4) Do not store long-lived secrets in memories unless you accept the risk profile described above.

Review Dimensions

Purpose & Capability: okName/description (recoverable agent memory backed by Jackal) match the implementation: the client encrypts data client-side and POSTs/GETs to the declared BASE_URL. Requiring JACKAL_MEMORY_API_KEY is proportional to accessing a remote storage API.
Instruction Scope: okSKILL.md instructions align with the client.py implementation: it reads/writes an encryption key under ~/.config/jackal-memory/, reads JACKAL_MEMORY_API_KEY and optional JACKAL_MEMORY_ENCRYPTION_KEY, and provides save/load/usage commands. The instructions do not ask the agent to read unrelated files or exfiltrate other environment variables.
Install Mechanism: okNo install spec is included; this is an instruction-plus-script package. The only runtime dependency is the standard cryptography Python package (SKILL.md instructs pip install cryptography). No external downloads, archive extraction, or obscure install URLs are used.
Credentials: noteOnly JACKAL_MEMORY_API_KEY (required) and JACKAL_MEMORY_ENCRYPTION_KEY (optional override) are used. This is proportional, but users must understand that the API key grants access to the remote service and that metadata (key names, sizes, CIDs) will be visible to that service even though content is AES-256-GCM-encrypted client-side.
Persistence & Privilege: okThe skill is not forced-always, is user-invocable, and does not modify other skills or system-wide settings. It writes a key file only under ~/.config/jackal-memory/ which is within its stated scope.