Skill v1.0.0
ClawScan security
Memory Harness · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Mar 16, 2026, 12:02 PM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The package generally matches a 'memory harness' template and contains only local Node scripts (no network calls or secret requests), but the SKILL.md's claims (automatically fetching real memories, byterover integration) do not match the actual code (which returns canned placeholders) and one core file (intent-classifier.js) is syntactically broken — this mismatch and incomplete implementation are concerning and should be fixed/validated before use.
- Guidance: What to consider before installing:
  - Functionality mismatch: The SKILL.md promises retrieval of pinned facts, projects, and session history, but the code contains only local placeholders and does not connect to any memory backend—don't expect it to actually fetch your stored memories without additional integration.
  - Broken code: intent-classifier.js contains syntax and logic errors and appears nonfunctional; the harness may fail or behave unexpectedly. Review and test that file and the whole harness in an isolated environment before trusting it in production.
  - Local execution: The skill runs local node scripts via child_process.execFileSync. This is normal for this kind of tool, but ensure the agent environment has Node available and verify the scripts don't get modified to perform I/O you don't expect.
  - No network/exfiltration observed: There are no network calls, credential requests, or environment-variable usage in the provided files — good from an exposure standpoint — but also confirms it currently cannot access remote memory stores without modification.
  - Recommended actions: (1) Request the maintainer/source (unknown origin) or inspect/repair intent-classifier.js; (2) add/verify integration code for your actual memory backend before enabling autonomous invocation; (3) run the harness with representative test inputs to confirm behavior and logs; (4) limit agent autonomy to manual invocation until you confirm correct, tested behavior.
Review Dimensions
- Purpose & Capability (note): The name/description (3-stage recall, intent classification, entity detection, memory compression, pre-execution gate) matches the included scripts. However, the code does not integrate with any memory backend or external store — targeted-recall returns placeholder items and there are no APIs, DB connections, or credential requirements. SKILL.md asserts fetching 'pinned facts', 'active project', etc., but the implementation only simulates those behaviors. This is an internal inconsistency (promised capabilities are not implemented).
- Instruction Scope (note): SKILL.md and the scripts instruct only local processing (intent detection, recall decision, compression, logging). The harness runs other local scripts via node child processes but does not read unrelated system files, environment variables, or send data to external endpoints. That scope is appropriate for a memory harness template. However, SKILL.md's phrase 'runs automatically at the right times - NOT relying on SKILL.md text alone' implies autonomous runtime behavior; combined with missing backend integration, this could mislead users about what the skill will actually retrieve.
- Install Mechanism (ok): No install spec is provided (instruction-only install), and there are no downloads or external packages fetched. The skill includes plain JS files that will run on a Node runtime. No high-risk install mechanism (no arbitrary URL downloads or external package installs) was used.
- Credentials (ok): The skill declares no required environment variables, no credentials, and code does not read process.env or access external services. The requested environment access is proportionate to the stated purpose.
- Persistence & Privilege (ok): The skill is not always-on, does not request system-wide config paths or modify other skills, and does not persist credentials. It does spawn local node processes (execFileSync) to run its helper scripts — expected for a JS-based harness.
