Skill v2.1.1
ClawScan security
Openclaw Skills Smart Agent Memory · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Mar 16, 2026, 2:17 PM)
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill does what it claims (a local Node.js-based long‑term memory engine) and its requirements (node, read/write access to the memory workspace) match its behavior; no network exfiltration or unrelated credentials are requested, though there are a few minor inconsistencies and capability notes you should be aware of before installing.
- Guidance: This package appears to be a coherent local memory engine: it only needs Node and read/write access to your OpenClaw workspace. Before installing or enabling it:
  1. Confirm you trust the source (homepage unknown and embedded metadata/owner/version have small mismatches).
  2. Be aware it will create and modify files in ~/.openclaw/workspace/memory and can generate SKILL.md templates under your skills directory (the 'extract' command); if you run that, inspect generated SKILL.md files before enabling them.
  3. The CLI optionally calls an external 'qmd' binary if present — this is optional but not declared in requires.bins.
  4. IDs are generated with a simple timestamp+random approach (not cryptographically strong) — fine for local usage but worth noting.
  5. Recommended safe practices: back up any existing memory directory, run the CLI in a sandbox or non‑privileged account to validate behavior, and review/scan the package code if you have sensitive data.
  Overall the package is internally consistent with its stated purpose, but do the brief due diligence above because the source and packaging metadata are inconsistent.
Review Dimensions
- Purpose & Capability (ok): Name/description (long‑term memory for agents) aligns with the included code and CLI. It legitimately needs Node and read/write access to ~/.openclaw/workspace/memory and it implements dual-layer memory (Markdown + JSON/SQLite) as described. Minor metadata mismatches exist between the registry header and embedded _meta.json/SKILL.md (owner/slug/version differences), but these look like packaging/metadata inconsistencies rather than functional or malicious mismatches.
- Instruction Scope (note): Runtime instructions and CLI operations are scoped to the memory workspace (reading/writing ~/.openclaw/workspace/memory, creating daily logs, lessons, skill experience files). The CLI can create SKILL.md templates (extract → writes to a skills directory), which is a legitimate feature for 'extracting' lessons, but it does mean the skill can write files into the user's skills area. The code calls an external binary 'qmd' if present (lib/search.js → execFileSync), but this is optional and falls back to built‑in search.
- Install Mechanism (ok): No remote install/downloads or archive extraction are present in the package. The skill is delivered as Node.js source files and a CLI script; there is no installer that fetches external code. This is a lower‑risk delivery model. README suggests installing via clawhub or copying into ~/.openclaw/skills, which is normal.
- Credentials (ok): The skill requests no secrets or cloud credentials. Declared runtime requirement is only the node binary. The SKILL.md metadata declares read/write permissions for ~/.openclaw/workspace/memory, which is proportional to a memory engine. One minor mismatch: the top-level registry metadata said 'Required config paths: none' while SKILL.md clearly documents read/write of the workspace path—this is inconsistent but coherent with the skill's purpose. The optional use of the external 'qmd' binary is not declared in requires.bins, so availability of that binary is detected at runtime.
- Persistence & Privilege (note): always:false (good). The skill writes persistent data under ~/.openclaw/workspace/memory and can create Markdown skill templates (it is capable of writing SKILL.md into a skills directory). Writing new skill files is explained by the 'extract' feature and is plausible for this tool, but it does constitute modification of the skills filesystem (so review where it will write before running). The SKILL.md also recommends adding scheduled jobs via OpenClaw cron—scheduling is intended but means repeated autonomous actions if you accept those cron jobs.
