Skillv0.5.2

ClawScan security

Learn me · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 11, 2026, 6:19 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This instruction-only skill's requirements and behavior are coherent with its stated purpose (periodic, conversational prompts and a small local memory file), but it persistently writes user-personal information to disk and schedules autonomous prompts—so review consent and storage location before enabling.
Guidance: This skill is coherent with its goal of periodically asking personal questions, but before enabling it: 1) Confirm you want scheduled, autonomous prompts and what times are acceptable. 2) Verify where memory/next-questions.md will be stored and whether that location is backed up, synced to cloud storage, or accessible to others—if you have sensitive data policies, delete or encrypt that file. 3) The skill's instructions say to never store secrets, but it cannot enforce that—avoid answering with passwords, tokens, health details, or anything you wouldn't want recorded. 4) Test enabling with a single short schedule, then check created crons with 'openclaw cron list' and remove them with 'openclaw cron remove' if needed. 5) If you want to stop it, remove the crons and delete memory/next-questions.md and the skill. If you need stronger guarantees (encrypted storage, explicit redaction, or audit logs), ask the developer for those features before using the skill in sensitive contexts.

Purpose & Capability: okName/description (proactive conversational learning) aligns with the actions the skill asks for: it uses the openclaw CLI to create crons and maintains a local memory file for next questions. Requesting the openclaw binary is proportional and expected.
Instruction Scope: noteSKILL.md stays within scope: create scheduled crons (after explicit confirmation) and read/update memory/next-questions.md. It does not request unrelated files or external endpoints. Caveat: the skill will store user-provided personal information to a plain file and weave questions into normal conversations—the guidance 'never store private/secret info' relies on correct runtime behavior and user/agent discipline rather than enforced technical controls.
Install Mechanism: okInstruction-only skill with no install spec and no downloaded code; nothing is written to disk by an installer. Lowest-risk install model.
Credentials: okNo environment variables, credentials, or external tokens are requested. The only requirement is the openclaw binary, which is consistent with the skill's use of the openclaw cron commands.
Persistence & Privilege: notealways:false (not forced into every run), but the skill creates persistent cron jobs and a local memory file that cause autonomous, recurring prompts. Creation is gated by user confirmation per SKILL.md, but the presence of persistent scheduled tasks and on-disk storage has privacy implications and deserves user attention.