Skill v1.0.0

ClawScan security

Real Memory Continuity · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Feb 11, 2026, 8:59 AM
Verdict
Benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and instructions align with its stated purpose (post-session reflection, structured memories, and surfaced questions); it reads/writes local files but does not request external credentials or contain obvious exfiltration paths in the provided files.
Guidance
This skill appears coherent: it manages local, file-backed memories and surfacing questions and does not ask for credentials. Before installing/using it, consider the following:
- Review and control where memories are stored: set CONTINUITY_MEMORY_DIR to a safe, access-restricted path (do not leave sensitive transcripts in world-readable locations).
- The analyze_session() function is currently a placeholder; any production implementation could call an external LLM or API and would transmit conversation content. Only run the skill if you trust how (and where) reflection is implemented.
- Run the script in a sandbox or with least privilege, and avoid running as root. Inspect new files it creates (questions.md, identity.md, reflections/*.json) and periodically audit or purge stored transcripts you don't want retained.
- If integrating with your platform's heartbeat/session logs, confirm the path and that logs don't contain credentials or secrets you don't want stored or processed.
Given the truncated file and placeholder for the core analysis step, I give medium confidence — nothing in the provided files is malicious, but future/modified implementations could introduce network calls or external data transmission, so verify any changes before use.

Review Dimensions

Purpose & Capability
ok: The name/description (asynchronous reflection, memory extraction, question generation) match the included SKILL.md and scripts/continuity.py. The files implement a file-backed memory/question/identity workflow and reference integrating with a heartbeat and session logs — this is coherent with the stated goal. There are no unexpected required binaries or credentials declared.
Instruction Scope
note: SKILL.md instructs adding a heartbeat trigger and running commands like 'continuity reflect', 'continuity greet', etc. The code reads/writes a memory directory (default: ~/clawd/memory) and can read 'session' transcript files (or be pointed to a session file). The provided analyze_session() is a placeholder; the comment indicates that in production it would call an LLM to analyze conversations. That future behavior (sending conversation content to an LLM or external API) is not implemented here, but the instructions anticipate it — review any future implementation carefully as it may transmit sensitive transcripts.
Install Mechanism
ok: There is no install spec (instruction-only with an included script). No downloads or package installs are declared. Low risk from install mechanism, but note the script would need to be stored and executed on the host to operate.
Credentials
ok: The registry metadata declares no required environment variables or credentials. The SKILL.md and script reference optional environment variables (CONTINUITY_MEMORY_DIR, CONTINUITY_IDLE_THRESHOLD, CONTINUITY_QUESTION_LIMIT) for configuration — these are proportional to the functionality and do not request secrets or unrelated credentials.
Persistence & Privilege
note: always:false (no forced presence). The skill writes persistent files under a memory directory (default under the user's home). This is expected for a memory/continuity tool but does mean conversation data will be stored locally. Ensure file permissions, encryption, and the chosen memory directory are acceptable. The skill does not appear to modify other skills or system-wide agent configuration.