memory-persistence
Security checks across malware telemetry and agentic risk
Overview
The skill appears coherent and purpose-aligned, but it intentionally stores persistent memories and can share or use remote backends if configured.
Install this only if you want an agent to keep persistent memories. Keep sensitive information private, use shared memory only intentionally, review stored memories regularly, scope any GitHub/Gitee tokens to a dedicated repository, and pin dependencies and install them in a trusted environment.
VirusTotal
44/44 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Sensitive, stale, or incorrect memories could persist and influence future agent responses.
The skill is explicitly designed to persist memories and later retrieve them, including conversation-derived summaries.
description: Multi-backend memory system with optional embedding, private/shared memories, conversation summarization... For AI agents to store and retrieve persistent memories.
Use this only if you want persistent agent memory; periodically review, correct, export, or delete stored memories, and avoid saving secrets or sensitive personal data unless necessary.
Information placed in shared memory may be visible to other agents or, if remote backends are configured, stored outside the local workspace.
The skill includes a shared-memory mode intended to make selected memories available across agents.
| **Shared** | `./shared_memory/` | All agents | Team decisions, collaboration |
Keep the default private memory mode for personal or sensitive data, and use shared memory only for information that is safe for other agents to read.
If remote storage is enabled, the skill can use repository credentials to store or retrieve memory data in the configured repo.
Optional GitHub/Gitee storage backends use environment-provided tokens to read/write configured repositories.
github: ... token_env: "GITHUB_TOKEN" ... shared_storage: ... token_env: "SHARED_GITHUB_TOKEN"
Use least-privilege tokens limited to the intended repository, avoid broad account tokens, and do not configure remote storage for sensitive memories unless you accept that data flow.
Dependency or model provenance affects the local runtime environment, even though this is expected for embedding-based search.
The skill relies on manually installed, unpinned packages and downloads an embedding model when semantic search is used.
pip install sentence-transformers scikit-learn pyyaml numpy ... Embedding is optional and auto-downloads on first use.
Install dependencies in an isolated environment, pin versions where possible, and use trusted package/model sources.
An agent or user could delete multiple stored memories without an interactive confirmation if the force option is used.
Batch deletion normally prompts for confirmation, but the force flag bypasses that prompt and deletes the specified memory IDs.
if not args.force: ... Type 'yes' to confirm ... result = manager.batch_delete(ids)
Require explicit user approval before delete, batch-delete, group-delete, or merge operations, and avoid using force unless you have reviewed the affected memory IDs.
