Skillv2.0.1

ClawScan security

Cognition · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 20, 2026, 12:36 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's files, instructions, and install script are coherent with a memory/memoization architecture and do not request secrets or remote downloads; it's internally consistent but you should review automation behaviors before enabling autonomous execution.
Guidance: This skill looks coherent for local memory management: it creates a workspace structure, provides consolidation/weekly prompts, and keeps changes staged before mutating durable files. Before installing: 1) Inspect templates (especially FUTURE_INTENTS.md) to confirm you accept any automated 'execute when triggered' semantics. 2) Run scripts/install.sh with an explicit workspace path (not the default) if you want control over where files are created. 3) If you enable nightly/weekly jobs, ensure the scheduled jobs run under an account with only the permissions you intend. 4) Restrict agent tool permissions (read/write/execute) if you do not want the agent to automatically act on FUTURE_INTENTS or perform file mutations without human review. 5) Back up any existing memory files you care about before installing. Overall the skill is internally consistent and does not request secrets or fetch remote code, but be cautious about enabling autonomous execution of intents and scheduled consolidation workflows.

Review Dimensions

Purpose & Capability: okName/description (memory architecture) matches the manifest: SKILL.md, reference docs, templates, and an install.sh that scaffolds local memory files. No unrelated credentials, binaries, or network endpoints are required.
Instruction Scope: noteRuntime instructions focus on creating and managing local memory files, staged consolidation, and weekly reports. They require the agent to read/write workspace files (explicitly required by the prompts). One item to watch: the FUTURE_INTENTS template language (‘Execute when triggered’, ‘Scanned every session start + every heartbeat’) implies the agent may act on intents — review how your agent runtime treats 'intents' to avoid unintended automated actions.
Install Mechanism: noteThere is no remote install spec; the included scripts/install.sh is a local scaffold that copies templates into a workspace (default ~/.openclaw/workspace). The script is non-destructive (skips existing files) and contains no downloads or execution of remote code, but it will create files and directories under the chosen workspace path.
Credentials: okThe skill requests no environment variables, credentials, or config paths. Prompts mention using a 'recommended model' and read/write tools but do not demand secrets or external tokens — proportional to a local memory management skill.
Persistence & Privilege: notealways:false (no forced permanent inclusion). The skill's workflows expect scheduled jobs (cron) and agent tool access for read/write. Combined with the FUTURE_INTENTS template, this can enable automated behavior if the agent runtime is allowed to autonomously execute actions — consider limiting autonomous execution or reviewing intent-trigger rules.