Skillv1.0.4

ClawScan security

Long Term Memory with Honcho · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 13, 2026, 4:50 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's behavior (installing an OpenClaw plugin that uploads your workspace memory files to an external API and then persistently observes conversations) matches its stated purpose, but there are metadata inconsistencies and significant privacy impact you should explicitly accept and verify before installing.
Guidance: This plugin will upload many of your workspace memory files to an external API (api.honcho.dev by default) and then continuously send conversation data until you disable the plugin. That behavior is described in SKILL.md and requires interactive confirmation before uploads, but you should verify before installing: 1) Resolve the metadata mismatch — confirm whether node/npm and HONCHO_API_KEY are required (the SKILL.md says yes while the registry summary says no). 2) Inspect the plugin source (GitHub repo listed in SKILL.md / publisher) or the installed package under ~/.openclaw/extensions/openclaw-honcho before consenting to uploads. 3) Prefer running the setup in a disposable/test workspace first to see which files the tool proposes to upload. 4) If you cannot trust the managed endpoint, self-host Honcho (set HONCHO_BASE_URL) or decline migration. 5) Back up your local memory files before migration and check ~/.openclaw/openclaw.json after setup for stored keys. 6) If you do not want ongoing remote observation, do not enable the plugin or disable it with openclaw plugins disable openclaw-honcho after testing. If you want a safer recommendation, ask for the plugin's exact npm package name and repository URL so you (or an admin) can review the code before installing.

Review Dimensions

Purpose & Capability: concernThe SKILL.md describes exactly the expected capability: installing the @honcho-ai/openclaw-honcho plugin, migrating and uploading workspace memory files to api.honcho.dev (or a self-hosted HONCHO_BASE_URL), and then persistently observing conversations. That capability aligns with the described 'long term memory' purpose. However, the registry-level 'Requirements' section at the top of the submission says 'Required binaries: none' and 'Required env vars: none', while the SKILL.md metadata lists node/npm as required binaries and optional HONCHO_API_KEY and HONCHO_BASE_URL environment variables. This mismatch between top-level metadata and the SKILL.md is an incoherence you should resolve (either the registry metadata is incomplete or the SKILL.md is overstating requirements).
Instruction Scope: noteThe runtime instructions explicitly instruct running: openclaw plugins install @honcho-ai/openclaw-honcho, openclaw honcho setup, and openclaw gateway restart. The setup command will scan for and offer to upload a large set of workspace files (USER.md, MEMORY.md, IDENTITY.md, memory/, canvas/, SOUL.md, AGENTS.md, BOOTSTRAP.md, TOOLS.md) to an external endpoint, and writes configuration to ~/.openclaw/openclaw.json. Upload behavior is explicit and requires interactive confirmation before sending data. The scope is consistent with migration-to-remote-memory, but the instructions involve highly sensitive data and ongoing network activity; ensure you review which files will be uploaded at the prompt before consenting.
Install Mechanism: noteThis is an instruction-only skill (no install spec), so it instructs the user to use the OpenClaw plugin installer which will fetch & install the plugin package (likely from npm). The SKILL.md also documents a manual fallback: cd ~/.openclaw/extensions/openclaw-honcho && npm install. That fallback will run npm to install dependencies on disk (moderate risk — code from npm will be written/executed). The install mechanism is not a download from an arbitrary URL, but installing third-party plugin packages and their npm dependencies is inherent risk that should be audited if you do not trust the publisher.
Credentials: noteThe SKILL.md declares HONCHO_API_KEY (optional for self-hosted, required for managed Honcho) and HONCHO_BASE_URL as expected environment settings for a memory service; requesting these is proportionate to the stated functionality. However, the registry summary earlier claimed no required env vars; that inconsistency should be resolved. The skill reads/writes ~/.openclaw/openclaw.json to store API keys/config — this is expected. No unrelated secrets are requested, but the net effect is that sensitive workspaces and conversation content will be sent to an external service if you consent.
Persistence & Privilege: notealways:false (not force-included) which is appropriate. The important behavior: after setup the plugin 'persistently observes conversations and transmits data to Honcho across sessions' until you disable it. That persistent observation and ongoing network activity increases privacy risk compared with single-shot tools. This is expected for a long-term-memory plugin, but you should treat it as an always-on data flow and explicitly disable the plugin if you no longer want remote memory.