Skill v0.2.1
ClawScan security
Dream · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 27, 2026, 12:55 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's files and instructions mostly match its stated goal (maintaining and archiving MEMORY.md), but there are noteworthy inconsistencies and risky behaviors—most importantly silent/automatic modifications and an unconditional 'forget' that deletes memory entries without confirmation—so review and caution are advised before installing.
- Guidance: This skill is mostly coherent with its stated goal (distilling and archiving MEMORY.md), but it will overwrite your workspace MEMORY.md and write/delete entries in your vault. Before installing:
  1. Back up your current MEMORY.md and the OpenClaw workspace (or use git) so you can recover if content is changed unexpectedly.
  2. Inspect the full dream-tools.sh yourself (ensure the truncated snippet in the provided bundle is complete and free of network calls).
  3. Test in an isolated vault by setting DREAM_VAULT_PATH to a disposable directory and setting OPENCLAW_WORKSPACE to a test workspace.
  4. Be cautious with scheduling: do not enable the automatic 03:30 job until you're confident.
  5. Note that 'dream forget' deletes matches without confirmation; avoid running it until you trust the matching behavior, or add confirmation/dry-run.
  6. Ensure required host tools exist (openclaw CLI, jq, md5sum or md5, timeout).
  7. If you want less risk, modify the script to require explicit user confirmation for deletions and to log all changes (or commit them to a git repo) so you can audit/rollback.
  If you want, I can produce a short checklist or a safe wrapper that runs the script in dry-run mode and summarizes the changes before applying them.
Review Dimensions
- Purpose & Capability: ok. The skill claims to distill OpenClaw memory into MEMORY.md and an append-only ledger; the shell helper implements file reads/writes, ledger append, re-emergence checks and index operations, which are coherent with that purpose. It does not request external credentials or network access, which aligns with its stated scope.
- Instruction Scope: concern. Runtime instructions and the script perform broad local file modifications: atomic replacement of WORKSPACE_PATH/MEMORY.md, appending to ledger.md, writing removed-entries.json, and updating obsidian-index. 'dream forget' removes entries from MEMORY.md and memory/YYYY-MM-DD.md with no confirmation. Scheduled silent nightly distillation (03:30) and immediate in-dialog writes are part of the design; these are potent actions that overwrite user memory data and may be surprising if not expected.
- Install Mechanism: ok. This is an instruction-only skill with an included shell script; there is no remote download or archive extraction. SKILL.md suggests installing jq via brew, which is reasonable. No high-risk install URLs or arbitrary code downloads are present in the provided artifacts.
- Credentials: note. No secrets or external credentials are requested. The script uses the DREAM_VAULT_PATH and OPENCLAW_WORKSPACE environment variables (both default to user home paths if unset), and relies on local CLIs (openclaw, jq, wc, md5/md5sum). SKILL.md lists jq/wc but does not explicitly declare a dependency on the openclaw CLI or the md5/md5sum utilities; these are expected on the host, but the omission is a minor inconsistency to be aware of.
- Persistence & Privilege: concern. The skill modifies persistent user state (MEMORY.md, vault files) and performs irreversible-seeming operations (append-only ledger, removed-entries tracking). The 'always' flag is false (good), but autonomous/scheduled silent runs and an unconditional 'forget' command that deletes matching entries without confirmation increase the blast radius. This combination warrants caution even though autonomous invocation is the platform default.
