ClawHub
Back to skill
v1.0.4

Memory Structure

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:52 AM.

Analysis

This is a coherent instruction-only memory template with no code or external dependencies, but it does create persistent agent memory and optional periodic self-reflection.

GuidanceThis skill appears safe to install as an instruction-only memory template. Before using it, decide where the memory directory should live, avoid storing secrets or highly private information in the memory files, and only enable the automatic heartbeat if you want the agent to perform recurring self-reflection updates.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Rogue Agents
SeverityLowConfidenceHighStatusNote
setup.md
Add to workspace HEARTBEAT.md for automatic 30-minute self-reflection

The skill recommends optional recurring self-reflection behavior. It is disclosed and manually configured, but it is still persistent autonomous agent activity users should understand.

User impactIf configured, the agent may periodically update memory/state files without a fresh user request each time.
RecommendationEnable the heartbeat only if you want recurring self-reflection, and keep a clear way to disable or edit the HEARTBEAT.md configuration.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
SKILL.md
`memory.md` | Main memory file: preferences, patterns, rules (HOT tier)

The skill creates persistent memory intended for high-frequency reuse by agents, so incorrect, sensitive, or poisoned entries could influence future tasks.

User impactInformation stored in these memory files may shape how agents behave later, including across tasks or environments.
RecommendationReview memory entries before reuse, avoid storing secrets or private data, and keep memory scoped to the intended workspace or agent.