Skill v1.0.0
ClawScan security
Google Vertex AI Memory Bank · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 16, 2026, 6:20 AM
- Verdict
- Benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's requirements and instructions are coherent with its stated purpose (setting up a Vertex AI–backed memory plugin), but it runs external code (git clone + npm install) and requires a Google account with permissions — review the repository and limit credentials before use.
- Guidance
- This skill appears to do what it says: set up a Vertex AI memory plugin. Before running the setup script:
  1) Review the upstream repository and its package.json (postinstall/build scripts) so you know what code will run when npm install/build executes.
  2) Avoid using a broad personal/project owner account interactively; prefer a service account with the minimum IAM roles required for enabling aiplatform and creating the reasoning engine (or review permissions first).
  3) Understand that agent memories (including any sensitive data) will be stored in your GCP project; check retention/TTL, encryption, and privacy.
  4) Test in a non-production project to observe costs and behavior.

  If you want higher assurance, manually perform each step (enable API, create reasoning engine, inspect plugin code) rather than running the script unreviewed.
Review Dimensions
- Purpose & Capability
- ok: Name and description claim a Vertex AI memory plugin; the SKILL.md and setup script perform GCP/Vertex AI operations, install an npm plugin, and configure openclaw.json. Required tooling (gcloud, Node.js, npm) and enabling Vertex AI are consistent with that purpose.
- Instruction Scope
- ok: Runtime instructions and the included setup.sh stay within the stated task: checking tools, creating a Vertex AI reasoning engine, cloning the plugin repo, building it, and advising how to configure/restart OpenClaw. The script uses gcloud auth tokens and creates resources in the user project (expected for this integration). It does not reference unrelated system paths or ask for unrelated secrets.
- Install Mechanism
- note: There is no packaged install spec; the setup script clones https://github.com/Shubhamsaboo/openclaw-vertexai-memorybank and runs npm install && npm run build. Cloning from GitHub is reasonable, but running npm install executes whatever package scripts exist in that repo; this is normal for installing plugins but carries the usual risk of executing arbitrary code from the upstream repo. The script does not validate that git is installed (minor robustness issue).
- Credentials
- note: The skill declares no required env vars, which matches the bundle. However, the setup relies on gcloud application-default credentials (or interactive gcloud login) and uses gcloud auth print-access-token to call the Vertex AI REST API. That requires a Google identity with permissions to enable services and create reasoning engines (project-level privileges). This is expected for the stated task but is high-privilege relative to typical local tools; use least-privilege credentials (service account with limited roles) rather than a broad personal account.
- Persistence & Privilege
- ok: always is false and the skill does not request permanent platform-wide inclusion. The script writes to ~/.openclaw/plugins and suggests edits to ~/.openclaw/openclaw.json, both scoped to the user's home. The plugin will persist user/agent memories to Vertex AI (by design), so consider privacy and retention settings, but no unexpected privilege escalation is present in the package itself.
