Skill v1.0.0

ClawScan security

Persistent Mind · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 16, 2026, 8:01 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The package is internally coherent: a local-only persistent memory manager that stores JSON under .persistentmind/ and does not request external credentials or installs, but you should avoid accidentally storing secrets and review how exports/imports are handled.
Guidance
This skill appears to be what it says: a local persistent memory manager that stores data under .persistentmind/ and does not request credentials or network access. Before installing or using it:

1) Audit the included source (persistentmind.py) yourself or have someone you trust review it; while the imports shown are standard-library only, a full review ensures there are no hidden network calls or dynamic imports.
2) Do not store secrets (API keys, passwords, private tokens) in memories unless you accept the risk; exported JSON (export_memories) and imports are plaintext and can leak secrets.
3) Protect the storage directory: exclude .persistentmind/ from version control, set restrictive filesystem permissions (e.g., chmod 700), and consider encrypting sensitive items before storing.
4) When using team sharing, verify recipients and scrub any sensitive content first.
5) If you need secret retention, prefer a dedicated secret manager with access controls rather than this general-purpose memory.

If you want more assurance, ask the publisher for a signed release or run static/dynamic analysis to confirm there are no outbound network calls and that export/import functions sanitize inputs.

Review Dimensions

Purpose & Capability · ok
Name/description (persistent searchable memory) align with code and manifest: the implementation stores memories locally in JSON, provides search, context injection, export/import, deduplication, and no declared external integrations. Required env vars/credentials are none, which matches the claimed local-only operation.
Instruction Scope · note
SKILL.md and the API surface stay within the memory-manager scope (remember, recall, get_context, export/import, consolidate). They do not instruct reading arbitrary system files or env vars. However, examples explicitly show storing things like "The Stripe API key is in .env as STRIPE_SECRET_KEY", and the skill supports export/import and team sharing — meaning sensitive items placed into memories could be accidentally preserved or shared. The instructions do not direct network exfiltration, but they grant broad discretion to store arbitrary content.
Install Mechanism · ok
No install spec — registry indicates source included and runtime is local Python. The package is pure Python, zero external dependencies, and the code is included in the bundle; nothing in the manifest or SKILL.md pulls binaries or remote archives.
Credentials · ok
The skill requests no environment variables or credentials, which is proportionate to its stated purpose. That said, because it lets users store arbitrary text and export it, the real risk is user-supplied secrets ending up in local storage or shared exports — the skill itself does not require access to secrets.
Persistence & Privilege · ok
The skill is not marked always:true and uses a standard local storage path (default .persistentmind/). It does persist data across sessions as intended. There is no evidence it touches or modifies other skills' configs or requests elevated system privileges. The normal autonomous invocation flag is enabled by default but is not combined with unusual privileges here.