Auto Memory Pro
Security checks across malware telemetry and agentic risk
Overview
This skill is coherent and purpose-aligned for managing Claude memory, but users should understand it can read and modify persistent agent memory/rules and can run an optional Bash hook.
This appears safe for its stated purpose, but install it only if you want the agent to review and edit persistent memory/rule files. Before using /si:promote or /si:remember, check that no secrets or temporary facts are being saved or promoted, and verify the package name/path because the artifacts mix auto-memory-pro and self-improving-agent naming.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Promoted rules may change how Claude behaves in future sessions, and removed memory entries may no longer be available as context.
The promote workflow edits persistent project instruction files and can remove memory entries. This is central to the skill's purpose and includes user confirmation for cleanup, but it can materially affect future agent behavior.
Write to target ... Append the new rule ... Create the file if it doesn't exist ... After promoting, remove or mark the original entry in MEMORY.md
Review proposed diffs before accepting promotions, keep rules scoped, and confirm removals from MEMORY.md only after verifying the rule was added correctly.
Private project notes or sensitive information accidentally stored in memory could be surfaced, summarized, or promoted into higher-priority agent instructions.
The analyst intentionally reads persistent memory and instruction files to find patterns, stale entries, conflicts, and promotion candidates. These files can contain private project knowledge or user preferences.
Read all memory files ... Cross-reference with CLAUDE.md ... Read all files in .claude/rules/
Do not store secrets in MEMORY.md or CLAUDE.md, review memory contents before running broad reviews, and inspect any proposed promotions for sensitive or stale information.
If enabled, the hook may add error snippets and reminders into the agent context after failed commands.
The skill includes a disclosed Bash hook that can run after Bash tool use when configured. The included script only inspects command output and emits a reminder, with no network or file mutation shown.
"hooks": { "PostToolUse": { "Bash": "hooks/error-capture.sh" } }
Enable the hook only if you want automatic error reminders, and inspect hook output if command output may contain sensitive data.
Users may be confused about which package, repository, or install path they are actually using.
The registry entry is for auto-memory-pro, but multiple included artifacts identify or install the package as self-improving-agent. This looks like a naming/provenance inconsistency rather than malicious behavior.
"name": "self-improving-agent"
Verify the intended package name, repository, and install path before installing or enabling hooks.
A user might think errors are being saved automatically when the script only suggests saving them.
The provided hook script does not actually append to auto-memory; it prints a reminder suggesting /si:remember. This is a capability-description mismatch, but it reduces rather than expands the hook's authority.
"description": "Detects command failures and appends structured entries to auto-memory."
Treat the hook as a reminder mechanism unless you separately verify that another component writes error entries to memory.
