OpenClaw Memory Audit
Pass
Audited by ClawScan on May 1, 2026.
Overview
The skill appears to be a local, read-only secret scanner with no evidence of exfiltration or file mutation, but users should treat its results as best-effort.
This looks safe to use for a local secret audit. Run it only in the workspace you want inspected, review any output before sharing it, and remember that “no secrets found” means no matches in the files it successfully read—not a guarantee that every file was checked.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Local files may be inspected for secrets, and any matches are printed with the file path, line number, type, and a masked value.
The scanner recursively reads files under the selected target directory, which may include workspace or memory-log content containing sensitive information.
for root, dirs, files in os.walk(root_dir): ... findings = scan_file(file_path)
Run it only against the workspace you intend to audit, and avoid sharing scan output unless you have reviewed it.
A user could believe the workspace is fully clean even if some files were skipped due to read errors.
Unreadable files are silently skipped, so the success message may overstate coverage if some files could not be scanned.
except Exception as e:
    pass
...
print("✅ No secrets found in workspace.")
Treat clean results as best-effort and consider improving or manually checking coverage if this is a high-stakes audit.
