Skillv1.0.1

ClawScan security

Memos Cloud Server · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 12, 2026, 2:02 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill mostly matches a memory-store/search tool but has a few mismatches and missing details (undocumented optional env, missing Python dependency, default external endpoint) that you should review before installing.
Guidance: This skill appears to implement a MemOS cloud client and mostly behaves as expected, but review the following before installing: - Confirm you trust the default endpoint (https://memos.memtensor.cn/api/openmem/v1). The repository/homepage is unknown; verify the vendor and endpoint are legitimate for your use. - The Python script uses the 'requests' package but the skill does not declare or install it. Ensure your environment has requests installed or the skill will fail; prefer an explicit, reviewed install step. - The script supports MEMOS_CLOUD_URL via environment but that env is undocumented in SKILL.md and metadata. If you need to override the endpoint, set this variable explicitly; otherwise verify the default endpoint. - Be cautious about storing API keys in global shell profiles (~/.zshrc, ~/.bashrc). Prefer storing secrets in a secure secret store or environment scoped to the agent process rather than global persistent files. - Decide whether you want the agent to call this skill automatically every time it’s unsure: SKILL.md tells the agent to ALWAYS use the tool, which could lead to many outbound requests and potential exposure of conversation content to the external service. If you have privacy concerns, restrict autonomous use or require explicit user approval per call. If you want me to proceed, I can list concrete questions to ask the skill author (e.g., vendor origin, credential scopes, dependency list) or suggest a safe installation checklist.

Review Dimensions

Purpose & Capability: okName/description, required envs (MEMOS_API_KEY, MEMOS_USER_ID), and the provided CLI operations (search, add_message, delete, add_feedback) are consistent with a memory cloud client.
Instruction Scope: noteSKILL.md instructs the agent to always invoke this tool when unsure (a strong behavioral directive but within the declared purpose). It also tells the agent to prompt the user to add secrets to their global shell config (~/.zshrc, ~/.bashrc) if they're missing — this is privacy-sensitive (asking the user to store a secret globally) and should be handled cautiously.
Install Mechanism: concernNo install spec (instruction-only) which minimizes disk writes, but the included Python script imports the third-party 'requests' package while only 'python3' is declared as a required binary. The skill does not document installing 'requests' or other Python dependencies — this mismatch will break the script or cause ad-hoc installs at runtime.
Credentials: concernThe required envs (API key and user id) are appropriate for a cloud memory client. However: (1) the script also reads MEMOS_CLOUD_URL (an undocumented optional env) and defaults to https://memos.memtensor.cn/api/openmem/v1 — that outbound endpoint is not documented in SKILL.md or metadata; (2) SKILL.md encourages storing credentials in global shell files, which increases blast radius if the env is persisted insecurely.
Persistence & Privilege: okThe skill is not marked 'always' and does not request system-level persistence. It doesn't attempt to modify other skills or system settings. Autonomous invocation is allowed (default), which combined with the 'ALWAYS invoke' guidance in SKILL.md can lead to frequent external calls — consider policy around when the agent should call the skill.