v2.5.4

Memory V2 Skill

Benign. ClawScan verdict for this skill. Analyzed May 1, 2026, 8:15 AM.

Analysis

This appears to be a local SQLite memory helper with no evidenced exfiltration, but it persistently stores agent memories and has setup/API details users should review.

Guidance: Install this only if you want a persistent local memory database for your agent. Avoid storing secrets, know where the SQLite database and backups live, verify the migration documentation before using it, and prefer validating numeric API options before exposing them to autonomous agent calls.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Low; Confidence: High; Status: Note
SKILL.md
# Install dependencies
npm install sqlite3

# Initialize database
node scripts/init-memory.js

The setup requires a user-directed npm dependency install and local initialization script even though there is no automated install spec; this is expected for a SQLite-backed Node skill but is still a supply-chain/provenance point to review.

User impact: Installing dependencies and running initialization code can modify the local project environment.
Recommendation: Run the setup only from a trusted copy of the skill, in the intended project directory, and review dependency versions if reproducibility matters.

Tool Misuse and Exploitation
Severity: Low; Confidence: Medium; Status: Note
modules/priority.js
AND created_at < datetime('now', '-${days} days')

The cleanup query interpolates a caller-provided `days` value into SQL for a DELETE operation. Typical numeric use is local and purpose-aligned, but constraining this argument would reduce the chance of accidental or prompt-driven query manipulation.

User impact: If unsafe nonnumeric values were passed into helper methods, local memory records could be queried or deleted more broadly than intended.
Recommendation: Validate numeric API parameters such as day counts before calling cleanup/report/review helpers, or update the code to use bound parameters and explicit numeric coercion.

Human-Agent Trust Exploitation
Severity: Info; Confidence: High; Status: Note
migrations/README.md
V2.5 uses a new schema. No migration from V1/V2 is supported. Use init-demo.js for fresh setup.

This conflicts with SKILL.md's migration example referencing `node migrations/v1-to-v2.js old-memory.db`, so the migration documentation is inconsistent.

User impact: A user may expect a V1-to-V2 migration path that the included migration documentation says is not supported.
Recommendation: Do not rely on the migration command without verifying the actual migration script and taking a backup first.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low; Confidence: High; Status: Note
SKILL.md
Features: ... Local text search across all memory tables, (6) Automatic database backups. All data stored locally in SQLite database. No external API calls.

The skill intentionally persists and searches agent memory locally; this is disclosed and purpose-aligned, but stored memories/backups can retain sensitive content or untrusted text for future reuse.

User impact: Past conversation details, decisions, learning notes, and skill-use records may be stored and surfaced later by the agent.
Recommendation: Use it only for information you are comfortable keeping in a local memory database; periodically review or delete the database/backups, and treat retrieved memory as untrusted context rather than instructions.