Skill v1.0.0
ClawScan security
Memory Management Hardened · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 29, 2026, 1:44 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is an instruction-only guide about agent memory systems and does not request credentials, installs, or unrelated permissions; its requirements align with its stated purpose.
- Guidance: This skill is a design-and-hardening guide for agent memory and appears internally consistent. It does not request credentials or install anything. Before using the guidance to implement production systems, however, take these precautions: 1) enforce authentication/authorization for any ingestion or write endpoints (do not accept unauthenticated writes); 2) enforce tenant isolation and never allow cross-user memory reads; 3) avoid bulk memory dumps and require scoped queries; 4) do code reviews for any implementation that the agent helps generate, especially network/API code and storage access; and 5) when connecting to real memory services, use least-privilege service accounts and test in staging. The SAFETY.md guardrails included are helpful; verify your implementation actually enforces them.
Review Dimensions
- Purpose & Capability (ok): Name/description match the content. The skill is instruction-only and does not ask for unrelated binaries, environment variables, or credentials. The frameworks and topics it discusses (Mem0, Zep/Graphiti, Letta, Cognee, etc.) align with the stated goal of memory architecture guidance.
- Instruction Scope (note): SKILL.md provides detailed design guidance and includes a SAFETY.md with explicit guardrails (e.g., avoid bulk dumps, require auth for write endpoints, tenant isolation). The instructions do not directly tell an agent to read local files, exfiltrate data, or access secrets, but they do describe building ingestion endpoints, pipelines, and networked components, which, when implemented, could require privileged access. The presence of SAFETY.md mitigates many immediate risks, but implementations following the guidance should be reviewed for real-world security controls.
- Install Mechanism (ok): No install spec and no code files; instruction-only. Nothing is downloaded or written to disk by the skill itself, which reduces supply-chain risk.
- Credentials (ok): The skill declares no required environment variables, credentials, or config paths. It does not request unrelated secrets and therefore does not appear to ask for disproportionate privileges.
- Persistence & Privilege (ok): always:false and default model invocation are used (normal). The skill does not request permanent presence or modify other skills' config; it simply provides guidance and guardrails.
