Skill Trust Decision

Memory Pruner

Name: Memory Pruner Trust Review Report
Item: Memory Pruner
Rating: 65
Author: ClawSafe

The skill declares shell runtime and references a memory-pruner script that does not exist, constituting a documentation mismatch with no functional code present.

Install decision first Source: Manual upload Scanned: Apr 5, 2026

Files 2

Artifacts 0

Violations 0

Findings 2

Why this conclusion was reached

0/4 dimensions flagged

Pass

Declared vs actual capability

Declared resources and inferred behavior are broadly aligned.

Pass

Hidden execution and egress

No obvious high-risk egress or execution signals were found.

Pass

Attack chain and severe findings

There is no explicit malicious chain in the report.

Review

Dependencies and supply chain hygiene

Dependency information is incomplete, so supply-chain confidence stays limited.

What drove the risk score up

Documentation mismatch +25

SKILL.md declares 'memory-pruner' CLI script and 'memory/' directory that do not exist in the file tree

Undeclared runtime requirements +10

config.json declares runtime: 'shell' suggesting shell:WRITE permissions, but no scripts are present to review

Most important evidence

Medium Doc Mismatch

Referenced implementation files are missing

SKILL.md references 'memory-pruner' as the main CLI script and 'memory/' as the working directory, but these files do not exist in the package. The pre-scan confirms hasScripts: false.

SKILL.md:58

Do not trust this skill. Request actual implementation code before any evaluation.

Low Doc Mismatch

Entry point declared but not present

config.json specifies 'entry': 'memory-pruner' with runtime: 'shell', indicating a shell script entry point that is absent from the package.

config.json:12

Verify the package contents match the declared structure before use.

Declared capability vs actual capability

Filesystem Pass

Declared NONE

→

Inferred WRITE

config.json declares runtime: shell but no scripts exist to verify

Shell Pass

Declared WRITE

→

Inferred UNKNOWN

config.json declares runtime: shell but memory-pruner script is missing

Suspicious artifacts and egress

No obvious IOC was extracted.

Dependencies and supply chain

There are no structured dependency warnings.

File composition

2 files · 86 lines

Markdown 1 files · 73 linesJSON 1 files · 13 lines

Files of concern · 2

config.json JSON · 13 lines

Entry point declared but not present

SKILL.md Markdown · 73 lines

Referenced implementation files are missing

Security positives

No malicious code present in the package

No obfuscation, base64-encoded strings, or anti-analysis patterns detected

No credential harvesting or environment variable access attempted

No network requests or external IP communications

No suspicious IOCs (indicators of compromise) in the pre-scan