Memoclaw Skill
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: memoclaw Version: 1.23.5 The skill facilitates the transfer of local data to a third-party service (api.memoclaw.com) and requires a sensitive cryptographic key (MEMOCLAW_PRIVATE_KEY) for authentication and payments. Key risks include the 'migrate' and 'ingest' commands in SKILL.md, which encourage the agent to upload local files and conversation history to the cloud, and the 'upgrade' command which executes 'npm install', creating a supply chain risk. While these features are aligned with the stated purpose of a 'Memory-as-a-Service' platform, the handling of private keys and the broad file-access capabilities represent a significant security and privacy surface.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a funded wallet is configured, agent or CLI use can spend USDC after the free tier, and the private key must be protected like a financial credential.
The skill needs a wallet private key or wallet-backed configuration and can authorize paid calls, while the registry metadata declares no required env vars and no primary credential. That under-declares a high-impact credential/payment boundary.
This skill requires MEMOCLAW_PRIVATE_KEY environment variable for wallet auth. Use a dedicated wallet. ... After that, USDC on Base required.
Use only a dedicated low-balance wallet, require explicit approval before paid commands, and update the skill metadata to declare the wallet/private-key credential and payment behavior.
Installing the external CLI gives that package local code execution and access to the configured MemoClaw wallet credentials.
The skill relies on an external, globally installed npm CLI whose implementation is not included in the reviewed artifacts. This is central to the skill, but users must trust that package because it will handle wallet setup and API calls.
npm install -g memoclaw memoclaw init # one-time wallet setup
Install the CLI only from a trusted source, consider pinning/reviewing the package version, and avoid running CLI upgrades automatically.
A mistaken or automated destructive command could delete stored memories or move them into the wrong namespace.
The documented CLI can perform destructive memory-management actions such as purging a namespace. The example recommends backing up first, so this appears purpose-aligned, but it should not be run without user intent.
memoclaw export --format json --namespace old-project --output backup-old-project.json memoclaw purge --namespace old-project --force
Prefer dry-run and backup commands before purge/move/delete operations, and require user confirmation for force or yes flags.
Personal facts, project details, or poisoned/inaccurate memories could be stored remotely and reused in later sessions.
The skill can ingest conversation or document text into a persistent remote memory store for later semantic recall. This is the stated purpose, but it means sensitive or incorrect content may persist and influence future agent context.
cat conversation.txt | memoclaw ingest --namespace default --auto-relate
Do not ingest secrets or sensitive files by default, use namespaces and retention controls, review stored memories periodically, and treat recalled memories as context to verify rather than unquestioned truth.