Plugin v0.1.0

ClawScan security

Lethe · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 28, 2026, 6:01 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code, instructions, and requested runtime behavior are coherent with its stated purpose (a local persistent memory service for agents); nothing requested is disproportionate or unexplained.
Guidance
This skill appears to do what it says: it runs a local HTTP service that holds agent memory in a local SQLite DB and provides a plugin to assemble context for agents. Before installing, consider: (1) whether you'll run the prebuilt GHCR image or build from source — building from the included source is more auditable; (2) the Lethe service will receive and store all session content you send to it, so do not point the plugin at a remote/untrusted endpoint if the data is sensitive; (3) ensure the host volume (/data) where lethe.db is stored is access-controlled and backed up per your policy; (4) review the included plugin code if you plan to let the agent auto-send full context (to understand precisely what fields are transmitted); and (5) running any network-exposed service implies you should firewall or bind it to localhost unless you intentionally want remote access.

Review Dimensions

Purpose & Capability
ok: The name/description (persistent memory for agents) matches the included Go server, SQLite schema, and OpenClaw plugin code that implement sessions, events, checkpoints, flags, and threads. No extraneous credentials, unrelated binaries, or unrelated platform access are requested.
Instruction Scope
ok: SKILL.md limits runtime actions to running a local HTTP service (Docker image or Go build) and using its documented API for creating sessions/events/checkpoints/flags. It does not instruct the agent to read arbitrary host files, access unrelated env vars, or send data to unexpected endpoints. The plugin is described as assembling context and calling the configured Lethe endpoint (expected behavior).
Install Mechanism
note: This is instruction-only (no platform install spec). SKILL.md suggests pulling ghcr.io/openlethe/lethe:latest or building from source; source and a Dockerfile are included. Pulling a remote container image has the usual supply-chain risk — the repo contains build instructions and source, which help reviewability, but if you run the prebuilt image you are trusting GHCR content.
Credentials
ok: The skill declares no required environment variables or secrets. The server stores data locally in a SQLite DB under the configured mount (/data). Database and API fields are appropriate for the described functionality (session keys, token_budget tracking, etc.).
Persistence & Privilege
ok: The skill does not request always:true. It runs as a separate HTTP service and stores memory in its own SQLite DB; it does not attempt to modify other skills or require system-wide configuration changes. The included Dockerfile creates a non-root user for runtime.