v1.0.0

hawk-memory-v2

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:38 AM.

Analysis

This appears to be a legitimate memory-management skill, but it persistently captures and reuses agent context and may route recalled or captured memory through optional LLM providers, so users should review its scope carefully before installing.

GuidanceReview this skill before installing if you handle sensitive chats, client data, credentials, or confidential project details. It is designed to remember and reuse information across sessions, which is useful but requires clear control over what is stored, where it is stored, when it is deleted, and whether hosted LLM providers receive recalled context.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceMediumStatusNote

README.md

pip install lancedb ... openclaw plugins install memory-lancedb-pro@beta

The documentation recommends installing an unpinned Python dependency and a beta plugin outside the provided install spec.

User impactInstalling additional packages or beta plugins expands the trusted code base beyond the reviewed skill artifacts.

RecommendationPin dependency versions where possible and review the beta plugin source and permissions before installing it.

Human-Agent Trust Exploitation

SeverityLowConfidenceMediumStatusNote

SKILL.md

零外部依赖，零 API Key ... 需要先设置 `OPENAI_API_KEY`（可选，用于 embedding）

The artifacts emphasize no API keys and local operation, but later document optional API keys and external provider usage; this is disclosed, but the headline wording could cause users to underestimate data-flow choices.

User impactA user may assume all modes are local-only unless they read the provider-specific sections carefully.

RecommendationTreat the no-API-key claim as applying only to local or keyword modes, and verify which provider mode is active before using sensitive data.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityLowConfidenceHighStatusNote

SKILL.md

os.environ["OPENAI_API_KEY"] = "sk-xxx" ... os.environ["MINIMAX_API_KEY"] = "sk-cp-xxx"

The skill documents optional provider credentials even though registry metadata declares no required env vars or primary credential.

User impactProvider API keys may be used for memory extraction or embeddings if the user enables those modes.

RecommendationUse least-privilege provider keys, avoid pasting real keys into shared code, and rotate keys if they are exposed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityMediumConfidenceHighStatusConcern

SKILL.md

HawkContext ... 自动实现：- autoRecall：对话开始时自动检索相关记忆并注入上下文 - autoCapture：对话结束时自动提取记忆存入 LanceDB

The skill automatically retrieves stored memories into future model context and automatically captures new memories, creating persistent state that can carry sensitive data or untrusted instructions across sessions.

User impactPrivate conversation details, preferences, decisions, or task state may be stored and later reused in future prompts, including cases where stale or poisoned memories influence the agent.

RecommendationInstall only if you want persistent cross-session memory; review where memories are stored, periodically inspect/delete them, and avoid enabling automatic capture for highly sensitive conversations.

Memory and Context Poisoning

SeverityMediumConfidenceHighStatusConcern

README.md

"content": "Full original content" ... "tier": "working|short|long|archive"

The documented structured memory format stores full original content and keeps it in persistent memory tiers, including long-term and archive layers.

User impactMore than brief summaries may be retained; sensitive original text could persist longer than the user expects.

RecommendationPrefer summary-only or scoped storage where possible, and confirm there is a clear way to exclude, inspect, expire, and delete stored memories.

Insecure Inter-Agent Communication

SeverityLowConfidenceMediumStatusNote

SKILL.md

provider="minimax" ... api_key="sk-cp-xxx" ... 支持 provider：minimax | openai | groq | ollama | keyword

The wrapper can use external model providers while autoRecall inserts memory into LLM messages, so recalled or captured memory may be processed outside the local environment when those providers are selected.

User impactIf configured with a hosted provider, remembered user data may be included in requests to that provider.

RecommendationUse the local or keyword modes for sensitive data, and only configure hosted providers after reviewing their data-handling policies.