Skill v1.3.7

ClawScan security

Claw Store 1.3.3 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 15, 2026, 7:27 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, documentation, and requested environment variables are coherent with its stated purpose (client-side encrypted memory backed by Jackal); nothing in the package requests unrelated credentials or surprising system access, though you should verify the runtime API host and take normal secret-handling precautions.
Guidance
This package appears to be what it claims: client-side AES-GCM encryption and wallet-based storage on Jackal. Before installing:
1) Verify you trust the runtime API host (BASE_URL is https://web-production-5cce7.up.railway.app, different from the homepage); you may prefer an official or self-hosted endpoint.
2) Do not paste your encryption key or mnemonic into chat; set env vars locally and keep backups offline.
3) Review and audit the npm dependencies (run npm audit) and consider installing in an isolated environment or container.
4) Understand that JACKAL_MEMORY_WALLET_MNEMONIC controls on-chain ownership; losing it could mean permanent loss of access.
If you need higher assurance, consider generating and storing the mnemonic in a hardware wallet or secure vault and only using stateless provisioning keys for the agent.

Review Dimensions

Purpose & Capability
ok
Name/description (sovereign agent memory on Jackal) match the code and SKILL.md. The required env vars (API key, encryption key, wallet mnemonic) are exactly what a client that provisions storage and performs client-side encryption would need. The package includes a BIP39 wordlist and wallet/key generation code, which is consistent with the stated functionality.
Instruction Scope
ok
SKILL.md instructions limit actions to wallet/key generation, local storage under ~/.config/jackal-memory, AES-256-GCM encryption, and API calls to the provision/runtime host. The README explicitly tells the user not to paste secrets into chat and to set environment variables locally. There are no instructions to read or exfiltrate unrelated system files or credentials.
Install Mechanism
note
This is instruction-first with two shipped client implementations (Python and Node). There is no automatic installer in metadata; SKILL.md instructs running 'pip install cryptography' and 'npm install' in the skill folder. Dependencies are pulled from PyPI/npm (no arbitrary URL downloads), which is expected but means you should review or sandbox npm installs. package-lock.json shows widely used packages (some with deprecation/security notices in their own metadata), which is normal but worth auditing before use.
Credentials
ok
The required environment variables (JACKAL_MEMORY_API_KEY, JACKAL_MEMORY_ENCRYPTION_KEY, JACKAL_MEMORY_WALLET_MNEMONIC) are all directly relevant to provisioning, encrypting, and signing storage transactions. The skill writes user secrets to ~/.config/jackal-memory (0600) as documented; this is expected, but the wallet mnemonic is highly sensitive and must be protected and backed up out-of-band.
Persistence & Privilege
ok
The skill is not marked always:true and does not request elevated system-wide privileges. It stores its own files in the user's home config directory and does not modify other skills or global agent settings. The skill can be invoked autonomously (platform default), which is normal for skills and not a standalone reason for concern.
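The Guidance above (verify the BASE_URL host, keep secrets out of chat) and the Credentials note (secrets written under ~/.config/jackal-memory with mode 0600) are things a user can check mechanically before trusting the skill. The script below is an added example written for this page, not code shipped with the skill or by ClawHub: it lists every host the skill's source talks to and flags any not on your allow-list, reports which required variables are unset without ever printing their values, and finds config files that are readable by group or other. The allow-list contents, the "example.invalid" homepage URL, the file names, and the function names are assumptions made for the demo; the demo builds a throwaway skill folder and config dir in a temp directory so it runs offline. Point the three check functions at the real skill folder and ~/.config/jackal-memory to use it for real.

```python
"""Pre-install checks for a ClawHub skill folder (added example, not the skill's own code)."""
import os
import re
import stat
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# Env vars the scanner says the skill legitimately needs (from the review above).
REQUIRED_ENV = (
    "JACKAL_MEMORY_API_KEY",
    "JACKAL_MEMORY_ENCRYPTION_KEY",
    "JACKAL_MEMORY_WALLET_MNEMONIC",
)
# Scheme + host (+ optional port); the path is irrelevant for an allow-list check.
URL_RE = re.compile(r"https?://[A-Za-z0-9.\-]+(?::\d+)?")
SOURCE_SUFFIXES = {".py", ".js", ".mjs", ".ts", ".md", ".json"}


def find_hosts(skill_dir):
    """Map each hostname found in URL literals to the files that mention it."""
    hosts = {}
    for path in Path(skill_dir).rglob("*"):
        if not path.is_file() or path.suffix not in SOURCE_SUFFIXES:
            continue
        if "node_modules" in path.parts:  # audited separately with npm audit
            continue
        text = path.read_text(errors="replace")
        for match in URL_RE.finditer(text):
            host = urlparse(match.group(0)).hostname
            hosts.setdefault(host, set()).add(str(path.relative_to(skill_dir)))
    return {host: sorted(files) for host, files in hosts.items()}


def untrusted_hosts(skill_dir, trusted):
    """Hosts the skill would contact that you have not explicitly decided to trust."""
    return sorted(host for host in find_hosts(skill_dir) if host not in trusted)


def missing_env(environ=os.environ):
    """Names of required variables that are unset or empty. Values are never returned."""
    return [name for name in REQUIRED_ENV if not environ.get(name)]


def insecure_files(config_dir):
    """Files under the config dir whose mode grants anything to group or other (not 0600)."""
    bad = []
    for path in Path(config_dir).rglob("*"):
        if path.is_file():
            mode = stat.S_IMODE(path.stat().st_mode)
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                bad.append((str(path.relative_to(config_dir)), oct(mode)))
    return bad


def demo():
    """Run the three checks against a constructed skill folder and config dir."""
    with tempfile.TemporaryDirectory() as tmp:
        skill = Path(tmp, "skill")
        skill.mkdir()
        # Constructed source: the BASE_URL the scanner quoted plus a made-up homepage.
        (skill / "client.py").write_text(
            'BASE_URL = "https://web-production-5cce7.up.railway.app"\n'
            'HOMEPAGE = "https://example.invalid/jackal-memory"\n'
        )
        cfg = Path(tmp, "jackal-memory")
        cfg.mkdir()
        good = cfg / "wallet.json"
        good.write_text("{}")
        good.chmod(0o600)  # what the skill is documented to do
        leaky = cfg / "key.txt"
        leaky.write_text("not-a-real-key")  # constructed placeholder, not a secret
        leaky.chmod(0o644)  # world-readable: should be flagged
        # Only the runtime host is trusted here; the homepage host is not on the list.
        return {
            "untrusted": untrusted_hosts(skill, {"web-production-5cce7.up.railway.app"}),
            "missing_env": missing_env({"JACKAL_MEMORY_API_KEY": "set"}),
            "insecure": insecure_files(cfg),
        }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The host check is deliberately dumb: it reports every hostname in the source so you can compare the list against the homepage and the quoted BASE_URL yourself, rather than trying to decide which host is "official". The env check returns only names, so its output is safe to paste into a chat when asking for help; the values stay on your machine.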