ClawHub

Agent Memory Hub

ReviewAudited by ClawScan on May 16, 2026.

Overview

Review recommended: this is a coherent local memory tool with no exfiltration shown, but it can save secrets and personal details in persistent plaintext memory that future agents may reuse.

Install only if you are comfortable with a local, persistent memory file. Configure the storage directory if needed, periodically inspect or delete `~/.agent-memory/memories.json`, and tell your agent not to store passwords, API keys, tokens, or other sensitive information.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Medium
#ASI06: Memory and Context Poisoning
What this means

Passwords, API keys, client details, or personal facts shared with an agent could be saved across sessions and returned later or used to influence future answers.

Why it was flagged

The skill explicitly supports credential-related memories and stores persistent memory as readable local JSON, creating a risk that secrets or sensitive personal data are retained and later surfaced to agents.

Skill content
Good keys: `user_name`, `preferred_stack`, `project_deadline`, `api_key_note` ... Storage: `~/.agent-memory/memories.json` ... Format: human-readable JSON ... Auto-Tag Categories ... `credential`
Recommendation

Do not store secrets in this memory. The publisher should add secret redaction or denylisting, explicit user approval for sensitive memories, retention controls, and clear instructions for inspecting and deleting the memory file.

Low
#ASI04: Agentic Supply Chain Vulnerabilities
What this means

Users have less provenance information for deciding whether the local Node MCP server and its dependency chain are trustworthy.

Why it was flagged

The artifacts include source and package files, but the registry metadata does not provide a verifiable source location or install spec, so users must rely on the supplied package contents and npm build process.

Skill content
Source: unknown; Homepage: none; Install specifications: No install spec — this is an instruction-only skill.
Recommendation

Verify the package contents before building, use the included lockfile, and prefer a published source repository or signed release if available.