Skill v1.2.6
ClawScan security
MemSync Dual Memory System · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 22, 2026, 3:12 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code, docs, and runtime instructions consistently implement a full conversation logger that writes JSONL and uses the memvid CLI; it is coherent with its stated purpose but has important privacy and operational trade-offs you must accept and review before installing.
- Guidance: This skill is internally consistent with its stated purpose (a comprehensive conversation logger), but it intentionally captures a lot of sensitive data. Before installing:
  1. Review tools/log.py and install.sh line-by-line so you understand exactly what is logged and where files are created.
  2. Prefer local/sharding modes if you do not trust memvid.com; only set MEMVID_API_KEY if you accept remote storage.
  3. Secure log files (chmod 600) and consider storing them on an encrypted filesystem.
  4. Avoid adding unknown environment changes to system-wide files (/etc/environment) unless you know the consequences; the installer only offers to edit your user .bashrc.
  5. Audit the memvid CLI package (npm) and the memvid service privacy policy if you plan to use API mode.
  6. If you have high-security data or run tools that may output secrets, do not enable this skill, or filter sensitive outputs before they reach the logger.
  If you want a safer test, run the logger in a sandboxed account with no credentials and verify behavior with the included tests.
Review Dimensions
- Purpose & Capability (ok): Name/description match the implementation: the package contains a logger (tools/log.py), an installer script, and docs describing JSONL + Memvid outputs. Requiring the memvid CLI (npm) and file write/exec permissions aligns with the described functionality. The optional MEMVID_API_KEY for cloud mode is documented as optional.
- Instruction Scope (note): Runtime instructions and install.sh explicitly state the skill will capture 'everything' (user messages, assistant responses, sub-agents, tool outputs, system events) and will run on each assistant response via OpenClaw hooks. The Python code logs the JSON message it receives and calls memvid; it does not independently read arbitrary files or environment variables, but it will record tool outputs and any data provided to the logger. The SKILL.md suggests /etc/environment for persistence (a privileged path), but the installer only writes to the user's .bashrc when asked. This scope is wide but documented; review tools/log.py to confirm what you want logged.
- Install Mechanism (note): There is no formal install spec in registry metadata, but the bundle includes install.sh and instructions to git clone the repository and run npm install -g memvid. Installing memvid via npm is a normal dependency but is a moderate-risk step (third-party package install). No downloads from untrusted shorteners or personal IPs are present; install.sh copies files locally and optionally edits .bashrc.
- Credentials (note): The skill requests no required environment variables or credentials in the registry metadata; MEMVID_API_KEY is optional for cloud mode. The environment access it does use (JSONL_LOG_PATH, MEMVID_PATH, MEMVID_BIN, MEMVID_MODE) is proportional to a logging/memory skill. However, because the skill deliberately logs 'everything', any secrets present in conversations or tool outputs may be captured; that privacy risk is intrinsic to the feature and is repeatedly documented in the SKILL.md.
- Persistence & Privilege (ok): always:false and default autonomous invocation are appropriate for a logger that hooks into message_out. The installer optionally writes env vars to the user's .bashrc but does not automatically require system-wide changes. The skill does not attempt to modify other skills or system-wide configurations beyond what it documents.
