Chat Refiner
WarnAudited by ClawScan on May 10, 2026.
Overview
The skill is coherent as a chat-history summarizer, but it explicitly tells the agent to preserve API keys/configs and persistent instructions in memory files.
Use this only with review enabled for memory edits. Do not let it summarize transcripts containing raw API keys, tokens, passwords, or untrusted prompt text unless those items are redacted before being written to MEMORY.md or summary files.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Secrets that appear in a transcript could be copied into memory or summary files and later exposed, reused, or included in future context.
The principles explicitly instruct the agent to preserve API keys/configuration values during refinement instead of redacting or masking them.
- **Keep**: ... Configs (API keys, models).
Do not preserve raw API keys or secrets. Redact or mask them, and keep only a safe note that a credential/config was discussed.
Bad, stale, or prompt-injected transcript content could be turned into persistent memory and influence future agent behavior.
The skill persists distilled instructions and configurations from transcripts into memory files, but does not specify validation, source trust, or review before future reuse.
Keep explicit instructions, disciplines, important configs, skills learned (how), user 'remember this' info. ... Produces concise MEMORY.md updates or summary files.
Require user review before writing MEMORY.md, preserve source citations, and filter out untrusted instructions or content that should not become persistent guidance.