Skillv1.0.1

ClawScan security

Clude Memory · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 17, 2026, 10:23 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's files and instructions are coherent with a local-first persistent-memory tool that uses an npm package (clude-bot); the main risks are installing code from npm and possible unexpected cloud sync (which the docs mention but don't declare credentials for).
Guidance: This skill appears to do what it says: provide a persistent memory engine by installing and running the clude-bot package locally. Before installing, consider: 1) npm install/npx will fetch and install third-party code — review the clude-bot package and its GitHub source (links are in README) to ensure you trust the maintainer; 2) the 'local-first' claim is accurate for operation but the initial install typically requires network access; if you truly need offline-only guarantees, don't run npm/npx on a machine with network access or verify you already have the package offline; 3) avoid enabling cloud mode unless you understand where your memory data will be stored and which credentials are used (the skill does not declare required cloud credentials); 4) test in a sandbox or VM if you want to limit blast radius; and 5) be mindful of privacy — memories can include personal data and the skill recommends automatic recall at session start, so decide which types of data you allow it to store and retrieve.

Review Dimensions

Purpose & Capability: noteThe skill claims a local-first, offline memory engine and provides instructions that use the clude-bot npm package and an MCP server. Asking the agent to call 'remember'/'recall' etc. matches the described purpose. Slight mismatch: the 'fully offline' claim is misleading because the provided install commands (npx / npm install -g) will fetch code from npm the first time unless the package is already present.
Instruction Scope: okSKILL.md stays on-topic: it instructs installing and running a local MCP server, using tools remember/recall/forget/stats/visualize, and to recall at session start. It does not instruct reading unrelated system files or scanning environment variables. It does, however, recommend automatic recall at session start (autonomous behavior) and documents an optional cloud mode (which implies remote syncing of memories).
Install Mechanism: noteThere is no platform install spec in the registry, but scripts/install.sh runs npm install -g clude-bot and uses npx. This is a standard public-registry install path (moderate risk): it will download and install third-party code from npm. There are no obscure URLs or archive extracts, but installing a community npm package writes code to disk and should be reviewed before running.
Credentials: noteNo environment variables or credentials are declared in the registry metadata, which is fine for local mode. However, the skill advertises an optional cloud mode (sync across devices) that likely requires remote credentials or accounts; those are not declared or explained. That omission is a proportionality/clarity gap rather than an immediate technical mismatch, but worth noting for privacy/security decisions.
Persistence & Privilege: okThe skill does not request always:true and does not declare system-level config changes. It instructs the agent to recall at session start (autonomous invocation), which is consistent with the skill's purpose. Users should be aware that autonomous recall means long-term stored memories will be read automatically when sessions begin.