Plugin v0.2.0
ClawScan security
Marq Memory · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 30, 2026, 11:32 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The plugin's code, docs, and runtime instructions are consistent with its stated purpose: a local, markdown-first memory system that reads markdown under a configured workspace and appends to daily notes.
- Guidance
- This plugin is coherent and implements exactly what it claims: local markdown search and append-only daily notes. Before enabling, point workspaceRoot to a specific folder containing only the markdown you want the agent to index (do not point it at your entire home directory). Review the repo if you prefer (tests are included) and run npm test in a safe environment. Note that the plugin will create and append to memory/YYYY-MM-DD.md under the configured workspace, so back up or .gitignore files as needed. Autonomous invocation is allowed by default on the platform—if you want to limit automatic use, keep autoRecall disabled and control when tools are called.
Review Dimensions
- Purpose & Capability
- ok: Name/description match the implementation. The package implements search, append, and explain tools that operate over configurable markdown globs under a workspace root. There are no unrelated credentials, binaries, or external services requested.
- Instruction Scope
- note: SKILL.md and the code instruct the agent to read files matching configurable globs and append to memory/YYYY-MM-DD.md. This is expected, but be aware the plugin will read any markdown files under the configured workspaceRoot (and docs if enabled). Ensure workspaceRoot is pointed only at folders you permit the plugin to read.
- Install Mechanism
- ok: There is no custom download/install step in the manifest. Dependencies are standard npm packages (fast-glob, @sinclair/typebox) resolved from the npm registry in package-lock.json. No remote arbitrary archives, shorteners, or personal servers are used.
- Credentials
- ok: The skill requests no environment variables or credentials. Its filesystem access is confined to a user-configurable workspaceRoot (defaults to process.cwd when not set). No external API keys or unrelated secrets are required.
- Persistence & Privilege
- ok: always is false and the skill is user-invocable. It registers tools but does not modify other plugins or system-wide settings. Default autoRecall is false. Autonomous invocation of tools is allowed by platform default but not unusual for plugins.
