Skill v1.0.1

ClawScan security

Memory Workflow · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 15, 2026, 5:27 AM
Verdict: Benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's code and instructions are coherent with its stated purpose (local file-based memory management using cron), but it requires writing under /root, modifies the user's crontab, and will delete old notes — review those behaviors before installing.
Guidance
This skill is coherent with its purpose (local memory files + cron automation) but review a few things before installing:
- Inspect scripts/install.sh and confirm you want files created under /root/.openclaw/workspace. If you don't run as root, adjust WORKSPACE to a path inside your home directory to avoid permission errors.
- The installer edits the crontab and adds a job that runs every minute. Consider changing the schedule to a less frequent interval if you don't need 1-minute resolution.
- weekly-review.sh will delete memory/*.md older than KEEP_DAYS — back up any important notes and set KEEP_DAYS carefully.
- No network calls or secret exfiltration were found, but you should still run the install script in a safe environment (or review/modify it) before executing, especially because it writes under /root and modifies crontab.

If you want a lower-privilege install, change WORKSPACE in the scripts to a user-owned directory and then run the installer as that user. If unsure, don't run the installer until you've validated those changes.

Review Dimensions

Purpose & Capability
ok: Name/description (memory management, daily summaries, realtime writes) align with included scripts and declared binaries (bash, cron). The skill only uses local files and cron to implement the workflow, which is proportionate to the stated purpose.
Instruction Scope
concern: Runtime instructions and scripts read and write local files (MEMORY.md, memory/*.md, config, marker/timestamp files), create templates, and delete old notes. Those actions are within scope for a memory workflow but are potentially impactful: weekly-review deletes files older than KEEP_DAYS, and cron-driven auto-creation will run without interactive confirmation. Also, troubleshooting suggests sourcing the install script which would re-run setup logic. Review the deletion/auto-write semantics to ensure you won't lose data unintentionally.
Install Mechanism
ok: No external downloads or package installs. The package is instruction-plus-scripts only; install.sh only creates local files, templates and a cron job. This is a low-risk install mechanism in terms of remote code fetch.
Credentials
concern: The scripts hardcode WORKSPACE="/root/.openclaw/workspace" and operate under /root. That assumes root-level access or will fail under an unprivileged user. The skill does not request secrets or external credentials, which is appropriate, but requiring write access to /root and the ability to edit crontab is elevated and should be deliberate.
Persistence & Privilege
concern: The installer modifies the user's crontab to run a job every minute (persistent system-level change). While required for the timeout mechanism, frequent cron execution and automated file writes/deletions increase blast radius if misconfigured. The skill does not set always:true, but it does persist via cron and writes to long-lived files.