Skill v1.0.1
ClawScan security
Cross Channel Memory · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Mar 17, 2026, 1:53 PM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code and instructions mostly match the described cross-channel memory purpose, but there are several incoherencies and privacy/operational concerns (notably hard-coded absolute paths, auto-creation of mappings, and inconsistent parameter usage) that you should review before installing.
- Guidance: This skill is functionally coherent with its stated purpose, but review and adjust before installing:
  - Path hardcoding: the Python scripts use /home/wljmmx/.openclaw/... while documentation uses ~/.openclaw. Update the scripts to use a configurable base path or expand ~ at runtime; otherwise the scripts may fail or write into an unexpected home directory.
  - Privacy: the skill writes conversation content and mapping data to shared JSON and markdown files. If you install it, decide where those files should live, set proper filesystem permissions, and inform users that cross-channel history will be stored and potentially shared across agents.
  - Auto-creation: session_hooks auto-creates user mappings by default (auto_create=True). If you need explicit consent or verification, change that behavior before use.
  - Operational checks: test in a safe environment (non-production account) first. Run the provided tests and inspect the created files to confirm paths and contents. Consider locking down file permissions and backing up existing ~/.openclaw data.

  Given the absolute-path inconsistency and automatic writes/creation behavior, treat this skill as suspicious until the path and auto-create behaviors are fixed or confirmed acceptable.
Review Dimensions
- Purpose & Capability (note): The skill's name/description (cross-channel identity mapping and memory sync) aligns with the provided scripts: init_mapping.py, lookup_user.py, memory_sync.py and session_hooks.py implement mapping, lookup, read/write of per-agent memory files and session hooks. There is no network or unrelated functionality. However, the code hardcodes filesystem roots (e.g. /home/wljmmx/.openclaw) while documentation references ~/.openclaw, which is an inconsistency that may cause unexpected behavior.
- Instruction Scope (concern): Runtime instructions and code focus on reading/writing mapping and memory files — consistent with purpose — but session_hooks automatically creates mappings (auto_create=True) and writes session-state files; this can create entries and write user-visible mapping files without explicit human approval. All scripts read/write global shared JSON and memory files containing conversation content, which is a privacy concern. The SKILL.md references tilde (~) paths but scripts use absolute /home/wljmmx paths, creating a scope mismatch.
- Install Mechanism (ok): There is no install spec (instruction-only install) and no external downloads or packages. The skill ships Python scripts that run locally; this is the lowest install risk, though the shipped code will be written to disk when the skill is installed/extracted by the platform.
- Credentials (concern): No environment variables or external credentials are requested (which is good). But the scripts directly access and create files under an absolute home path (/home/wljmmx/.openclaw/...) and workspace directories, storing potentially sensitive conversation data and shared mapping. The hard-coded /home/wljmmx path is disproportionate/unexpected: it assumes a specific user's home and will not adapt to the actual runtime user, leading to either failures or writes to someone else's home path if executed with sufficient privileges.
- Persistence & Privilege (note): always:false and normal autonomous invocation settings. The skill persists data by creating and updating mapping JSON, per-agent memory markdown files, and session-state JSON in ~/.openclaw/data and workspace. That persistence is expected for a memory-sync tool, but note it writes global shared files across agents and will auto-create mappings and session state unless configured otherwise.
