Skill v1.0.0
ClawScan security
Memory Association · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 29, 2026, 4:50 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: This skill is internally coherent for a local "memory/recall" helper: it reads and writes local memory files and builds an index, but it will access your workspace files and there are a few minor mismatches you should review before enabling it.
- Guidance: Before installing: (1) Inspect your memory workspace (default used by the script is ~/.openclaw/workspace/memory) and back it up; the skill reads and writes files there. (2) Confirm what the agent's memory_get tool does and whether it can access files outside the intended memory folder. (3) Search your memory files for secrets (API keys, passwords, SSH keys, cloud credentials, or other sensitive data); if present, remove or move them before enabling the skill. (4) Note the slight path mismatch between SKILL.md (relative memory/) and scripts/build_index.py (absolute ~/.openclaw/workspace/memory); confirm the actual runtime paths. (5) If you only want read-only recall, require a review policy or sandbox the skill to prevent writes to your memory/.learnings directories. If you trust the agent environment and accept local filesystem reads/writes for recall/indexing, this skill appears consistent with its purpose.
Review Dimensions
- Purpose & Capability (note): The skill's stated purpose (recalling and updating local memory entries before starting tasks) matches the instructions and included script. One mismatch: SKILL.md refers to paths like memory/MEMORY_INDEX.md and memory/YYYY-MM-DD.md (relative paths), while scripts/build_index.py uses an absolute MEMORY_DIR = ~/.openclaw/workspace/memory and writes both the user's memory index and the skill's references/MEMORY_INDEX.md. This is plausibly explainable (different representations of the same workspace), but you should confirm where the agent will actually read/write files.
- Instruction Scope (concern): SKILL.md instructs the agent to read and pull arbitrary memory files (memory_get on memory/*.md) and to write daily memory files and .learnings files. That behavior is appropriate for a memory-association skill, but it does mean the skill will read/write potentially sensitive local content (logs, IPs, credentials if present). The SKILL.md references a memory_get tool/command that is not declared in the skill metadata; verify that this helper exists and what permissions it has. Examples in the docs include concrete IPs and deployment logs, demonstrating the index may contain sensitive operational data.
- Install Mechanism (ok): No install spec; this is instruction-only plus a small utility script. No external downloads or package installs are performed by the skill bundle.
- Credentials (note): No environment variables or external credentials are requested, which is proportional. However, the included script writes to the user's home directory (~/.openclaw/workspace/memory) and overwrites the skill's references/MEMORY_INDEX.md; this file-system access is necessary for the stated purpose but you should confirm you are comfortable granting the agent read/write access to that workspace.
- Persistence & Privilege (ok): always:false and ordinary invocation settings. The skill does write to local memory and the skill's references index file, but it does not request elevated privileges or force inclusion. No evidence it modifies other skills' configs or system-wide settings.
