Secretary Memory
Analysis
The skill is broadly aligned with memory management, but it stores and reinjects persistent personal context, signals sensitive credentials without a clear credential contract, and can automatically create or register new skills.
Findings (8)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.
Returns: 上下文字符串(可直接追加到 system prompt)
Recalled memory can be appended into high-priority prompt context, so stored content may steer future agent behavior rather than remaining clearly separated reference data.
python3 skill-creator/auto_skill_generator.py --generate ... --register ... --improve
The skill exposes commands that generate, register, and improve skills, but the artifacts do not show clear user approval, review, rollback, or scope limits for those high-impact actions.
自动 Skill 生成 ... 同一问题出现 ≥3 次; 注册触发词; 自我改进
The skill can create and register additional skills from observed task patterns, but the artifacts do not define provenance checks, review requirements, or trust boundaries for generated components.
python3 session_search.py --build-index; python3 session_summary.py --watch; python3 consolidate.py --check-capacity
The skill is script-driven and expects local Python execution for memory indexing, monitoring, and consolidation. This is purpose-aligned, but users should notice that it is not purely descriptive.
daily_file.rename(archive_file); MEMORY_MD.write_text(new_content); self.update_archive_index()
Consolidation moves daily logs into archives, rewrites long-term memory, and updates indexes, so a bad or poisoned memory entry can propagate across persistent files.
定时 consolidation + 会话结束 hook; 会话开始时自动加载相关记忆; 自动 Skill 生成; --improve
The skill describes autonomous hooks, scheduled maintenance, persistent recall, automatic skill creation, and self-improvement, which can keep changing behavior beyond a single explicit task.
Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.
Capability signals: - requires-sensitive-credentials; Primary credential: none; Required env vars: none; Env var declarations: none
The capability signal says sensitive credentials are required, while the credential contract declares no primary credential or environment variables, leaving the permission boundary unclear.
Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.
会话自动摘要; 偏好自动提取 + 用户关系图谱; 跨会话召回; 数据文件:memory/.user_graph.json
The skill persistently extracts, stores, and reuses user preferences, summaries, and relationship graph data across sessions, creating both privacy exposure and poisoning risk.