Back to skill
Skillv1.0.0
ClawScan security
Memory Health Score · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 1, 2026, 12:44 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code and instructions match its stated purpose (scanning workspace memory files and writing a health report); it does not request credentials or network access and contains no obvious malicious behavior, though some documentation items (automatic repair / dashboard UI) are only advisory and not implemented in the code.
- Guidance
- This skill appears coherent and limited to reading/writing files in the agent workspace and producing a JSON health report — it does not make network calls or ask for credentials. Before installing or enabling autonomous runs: 1) review check-health.mjs to confirm its filesystem targets are acceptable (it will read MEMORY.md, memory/*.md, .issues, HEARTBEAT.md and write memory/health-score.json); 2) be aware SKILL.md mentions automatic repair and dashboard UI, but those are not implemented in the provided script — do not assume the skill will auto-modify your memory files; 3) if you plan to run it on a sensitive workspace, run it first in an isolated session or inspect the repo for any additional repair scripts it references; 4) consider whether you want the agent to invoke this autonomously (normal default) or only run it manually via the cron command.
Review Dimensions
- Purpose & Capability
- okThe name/description describe a memory health scorer and the included check-health.mjs performs exactly that: reads workspace files (MEMORY.md, memory/*.md, memory/INDEX.md, .issues, HEARTBEAT.md), computes scores, prints JSON, and writes memory/health-score.json. Required envs/binaries are none (code optionally uses OPENCLAW_WORKSPACE), which is proportionate to the stated purpose. Minor note: SKILL.md and agent-amnesia-guide reference auto-repair actions and dashboard UI, but the shipped script only computes and writes a score — it does not perform the automatic fixes or UI integration.
- Instruction Scope
- noteRuntime instructions are narrowly scoped to inspecting and scoring files inside the agent workspace and scheduling runs with openclaw cron. They do not attempt to read unrelated system files or network endpoints. However SKILL.md describes automatic repair flows (compression, index rebuild, task cleanup) and one-click dashboard fixes; those are advisory and not implemented by check-health.mjs. The agent-amnesia-guide references other scripts (e.g., rebuild-index.mjs, dedup.mjs) which are not present in this package — callers should not assume auto-fix behavior exists.
- Install Mechanism
- okNo install spec — instruction-only with a single utility script. No downloads, package installs, or external installers are present, so nothing additional would be fetched or executed beyond the included Node script.
- Credentials
- okThe skill requests no credentials or configuration paths. The script optionally uses OPENCLAW_WORKSPACE (defaulting to cwd) to locate files and writes memory/health-score.json inside that workspace — this is reasonable for a health-checking tool. There are no requests for unrelated secrets or cloud credentials.
- Persistence & Privilege
- okalways: false and no special privileges requested. The skill will run only when invoked (user-invocable or agent-initiated under normal autonomous-invocation rules). It writes a report file to the workspace (expected behavior) but does not modify other skills or global agent configuration.