triple-memory

[Skill Scanner] Skill instructions include directives to hide actions from user The skill fragment is coherent and aligned with its stated purpose. It describes a legitimate multi-backend memory system with local persistence and environment-based credentials. No malicious activity or overbroad permissions are evident; the footprint is proportionate to its goals. To improve security and governance, incorporate explicit data retention policies, access controls, plugin provenance verification, and optional user prompts for memory operations. With these guardrails, the design is acceptable for secure deployment. LLM verification: SUSPICIOUS. The skill's stated purpose (combined persistent memory) aligns with the capabilities described, but there are several privacy and supply-chain concerns: it requires an embeddings API key (so user data will be sent to an external provider), it instructs the system to silently capture and persist memories (no user-facing disclosure), and it references an unverified installer ('clawdhub') and scripts not included for review. These factors make the component risky for storing sensitive d