Skill From Memory
Advisory. Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
No findings were raised. The items that follow are informational notes from an artifact-based review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes, so behaviour is inferred from the scripts and documentation only.
Private details from selected session or memory files could be included in extracted output or influence the generated skill.
The extraction script selects user and assistant messages from a session file and writes their content to local files for reuse. This matches the skill's stated purpose, but conversation history can contain private or sensitive data, and whatever is extracted can end up in the generated skill.
select(.message.role == "user" or .message.role == "assistant") ... > "$OUTPUT_DIR/conversation.txt"
Use narrow source files, inspect the extracted output and the generated SKILL.md and scripts, and remove secrets or personal information before publishing.
If the generated skill contains mistakes or sensitive content, it may be published externally.
The publish script can push all generated skill files to GitHub and publish them to ClawHub. This is expected for the skill, but it is a high-impact action under the user's accounts, and git add -A stages every file in the working tree, not only the files the skill generated.
git add -A ... git push origin main ... clawhub publish "$SKILL_PATH" --slug "$CLAWHUB_SLUG"
Run the publish step only after reviewing the generated files; use --skip-github or --skip-clawhub when you want local-only creation.
Publishing or git operations will affect repositories and registry entries accessible to the logged-in user.
The workflow uses the user's GitHub SSH access and ClawHub login. This is disclosed and aligned with the publishing purpose, but it means every push and publish runs with the user's account privileges, and a mistake lands in whatever repository or registry entry those credentials can reach.
Setup SSH key for GitHub ... Add ~/.ssh/id_ed25519.pub to GitHub Settings → SSH Keys ... Login to ClawHub clawhub login
Use least-privilege credentials, confirm the target repository and ClawHub account, and consider a dedicated repo for generated skills.
Unreviewed code from prior notes or conversations could become part of a generated skill.
Code blocks extracted from memory are copied verbatim into a script that is then marked executable and shipped with the skill. The script is not run automatically by the workflow, but it is executable, unreviewed code from prior notes or conversations, so review it before it is executed or published.
cp "$EXTRACTED_DIR/code_blocks.txt" "$SKILL_DIR/scripts/extracted-code.sh" chmod +x "$SKILL_DIR/scripts/extracted-code.sh"
Inspect extracted-code.sh before running, committing, or publishing it.
A mistake in the selected history/memory source can quickly become a generated and published skill.
The all-in-one script chains extraction, skill generation, and publishing in a single run. This is the advertised workflow, but it leaves no review point between the steps, so a bad source file or a mistaken target can propagate straight into a published artifact.
"$SCRIPT_DIR/extract-from-history.sh" "$SOURCE" "$EXTRACT_DIR" ... "$SCRIPT_DIR/create-skill.sh" ... "$SCRIPT_DIR/publish.sh" "$SKILL_DIR"
Prefer the step-by-step workflow for sensitive sources, and review the intermediate generated skill before running the publish stage.
