Memoclaw Skill
Review
Audited by ClawScan on May 10, 2026.
Overview
This memory skill appears coherent and not malicious, but it should be reviewed because it uses a wallet private key/payment-capable external CLI and remote persistent memory that are not fully reflected in the registry metadata.
Install only if you trust MemoClaw and its npm CLI. Use a dedicated low-balance wallet, approve paid and destructive commands manually, avoid storing secrets or sensitive personal data, and periodically review/export/delete memories that should not persist.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a funded wallet is configured, agent or CLI use can spend USDC after the free tier, and the private key must be protected like a financial credential.
The skill needs a wallet private key or wallet-backed configuration and can authorize paid calls, while the registry metadata declares no required env vars and no primary credential. That under-declares a high-impact credential/payment boundary.
This skill requires MEMOCLAW_PRIVATE_KEY environment variable for wallet auth. Use a dedicated wallet. ... After that, USDC on Base required.
Use only a dedicated low-balance wallet, require explicit approval before paid commands, and update the skill metadata to declare the wallet/private-key credential and payment behavior.
Installing the external CLI gives that package local code execution and access to the configured MemoClaw wallet credentials.
The skill relies on an external, globally installed npm CLI whose implementation is not included in the reviewed artifacts. This is central to the skill, but users must trust that package because it will handle wallet setup and API calls.
npm install -g memoclaw
memoclaw init # one-time wallet setup
Install the CLI only from a trusted source, consider pinning/reviewing the package version, and avoid running CLI upgrades automatically.
A mistaken or automated destructive command could delete stored memories or move them into the wrong namespace.
The documented CLI can perform destructive memory-management actions such as purging a namespace. The example recommends backing up first, so this appears purpose-aligned, but it should not be run without user intent.
memoclaw export --format json --namespace old-project --output backup-old-project.json
memoclaw purge --namespace old-project --force
Prefer dry-run and backup commands before purge/move/delete operations, and require user confirmation for force or yes flags.
Personal facts, project details, or poisoned/inaccurate memories could be stored remotely and reused in later sessions.
The skill can ingest conversation or document text into a persistent remote memory store for later semantic recall. This is the stated purpose, but it means sensitive or incorrect content may persist and influence future agent context.
cat conversation.txt | memoclaw ingest --namespace default --auto-relate
Do not ingest secrets or sensitive files by default, use namespaces and retention controls, review stored memories periodically, and treat recalled memories as context to verify rather than unquestioned truth.
