ClawHub
Back to skill
v1.0.0

Memory Tiering

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:28 AM.

Analysis

This instruction-only skill is purpose-aligned for memory organization, but it can reorganize persistent memory files that may contain personal facts, logs, and credential references.

GuidanceThis skill appears benign and coherent for memory tiering. Before installing, make sure you are comfortable with it reading and reorganizing memory files and recent logs, and avoid keeping raw credentials or highly sensitive details in those memory tiers.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
Trigger automatically after any `/compact` command.

The skill can run its memory reorganization workflow automatically after compaction, including pruning and summarization of persistent memory, though this is disclosed and aligned with its purpose.

User impactMemory content may be changed after compaction without a separate explicit 'run memory tiering' request.
RecommendationUse this skill when automatic post-compaction memory cleanup is desired, and consider asking the agent to show planned changes before editing memory files.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
SKILL.md
**Focus**: Current session context, active tasks, temporary credentials, immediate goals.

The HOT memory tier may include temporary credentials; the skill also advises referencing root files rather than storing raw secrets, which is a mitigating but still sensitive credential-handling pattern.

User impactIf raw credentials are placed in memory, they could be retained or exposed in later context.
RecommendationKeep secrets out of memory files when possible, and store only non-sensitive references or paths with appropriate access controls.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
SKILL.md
Read all three tiers and recent daily logs (`memory/YYYY-MM-DD.md`).

The skill instructs the agent to read persistent memory tiers and recent logs, which can influence future context and may contain personal or project-sensitive information.

User impactInformation moved or summarized into persistent memory could affect future agent behavior or retain details longer than expected.
RecommendationReview the memory files before and after tiering, and avoid storing sensitive secrets or unverified claims in persistent memory.