merlin-security-sentinel
Pass
Audited by ClawScan on May 1, 2026.
Overview
This instruction-only skill gives OpenClaw security-hardening guidance and includes a few user-run local commands, but the provided artifacts do not show hidden code, credential use, or deceptive behavior.
This appears to be a benign security-advice skill. Before installing or using it, review any suggested shell commands, verify cited security claims, and only apply configuration changes that match your OpenClaw setup and risk tolerance.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running these commands may prevent OpenClaw memory files from being updated and could affect normal agent behavior.
The skill provides local shell commands that modify OpenClaw memory-file permissions. This is purpose-aligned hardening advice, but it is still a local configuration change the user should intentionally approve.
chmod 444 ~/.openclaw/workspace/SOUL.md
chmod 444 ~/.openclaw/workspace/MEMORY.md
chmod 444 ~/.openclaw/workspace/IDENTITY.md
Run the commands only if you understand the effect, confirm the paths are correct for your installation, and keep a backup or know how to reverse the permission changes.
The guidance may lead users to change how persistent memory works in their OpenClaw setup.
The skill focuses on persistent agent memory and recommends controls around memory files. This is coherent with the security purpose, but users should notice that the advice directly concerns persistent agent state.
Memory poisoning — A persistent agent's memory (SOUL.md, MEMORY.md, IDENTITY.md) can be modified by malicious skills or prompt injection.
Treat persistent memory files as sensitive configuration, review them manually before trusting them, and document any permission changes made for hardening.
Users may place extra trust in the recommendations because they are presented with authoritative-sounding research and vendor references.
The skill uses strong security and authority claims to frame its recommendations. These claims support the stated advisory purpose, but users should independently verify them before making major architecture decisions.
Security research findings (Q1 2026): ... CVE-2026-25253 ... Microsoft classified persistent self-hosted AI agents as "untrusted code execution with persistent credentials"
Verify cited claims and linked references before adopting significant operational changes, especially for production or privileged systems.
