Skillv1.0.0

ClawScan security

Agent Memory System New · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 5, 2026, 2:14 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This skill appears to do what it says: it manages local markdown-based long‑term memory, archives old files, creates daily reflections and can scaffold extracted skills — no unexplained network access or secret demands were found, but it will write files and install cron jobs on your machine, so review before installing.
Guidance: This package is internally consistent with its stated purpose, but it will create/modify files and install cron tasks on your machine. Before installing: 1) read the scripts (memory-gc.sh, nightly-reflection.sh, extract-skill.sh, install.sh) to confirm there is no unwanted behavior; 2) backup ~/.openclaw/workspace and your lessons if you have existing data (extract-skill.sh updates lesson frontmatter and can overwrite); 3) run GC with --dry-run first to see what would be archived; 4) prefer the interactive scripts/install.sh which prompts for confirmation, or manually add the cron entries yourself if you want tighter control; 5) consider running in a test workspace (set WORKSPACE env var) before applying to your real data. If you want, paste the scripts and I can highlight any specific lines to inspect further.

Review Dimensions

Purpose & Capability: okName/description match the actual artifacts: scripts create and manage a workspace/memory hierarchy, implement a temperature model, archive >30d files, run nightly reflection and extract skills from lessons. No unrelated credentials, binaries, or external services are required.
Instruction Scope: noteSKILL.md and the included scripts instruct the agent/user to create directories, run scripts, and add cron jobs. The scripts also automatically modify lesson files (update frontmatter with status and skill-path) when extracting skills — this is consistent with the stated 'skill extraction' feature but is a potentially surprising side‑effect that users should expect.
Install Mechanism: okNo network downloads or package installs are performed by the included scripts; everything is filesystem operations and cron configuration. No external URLs, shorteners, or archive extraction from remote hosts were observed.
Credentials: okThe skill does not request environment variables, credentials, or config paths. Scripts optionally respect a WORKSPACE env var but otherwise operate on user home paths (~/.openclaw/workspace). No secrets or unrelated service tokens are required.
Persistence & Privilege: noteThe install routines configure cron jobs and create files under ~/.openclaw/workspace and ~/.openclaw/workspace/skills, giving this skill recurring execution (nightly/weekly). This persistence is coherent with a long‑term memory feature but is an important behavioral privilege you should be aware of.