Nm Memory Palace Knowledge Locator
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is a coherent memory-search helper, but it has broad persistent memory-indexing behavior and unexplained sensitive-credential capability signals.
Review this skill before installing. Confirm which memory palaces it can index, whether private review or project knowledge is included, why OAuth or sensitive credentials are signaled, and inspect the external Night Market plugin/script before running its commands.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Sensitive, stale, or poisoned stored knowledge could be repeatedly surfaced into future tasks and influence the agent’s work.
The skill is designed to index all stored memory palaces, connect them, and track usage patterns for later retrieval, but the artifacts do not define scope limits, exclusions, retention, or validation of retrieved memories.
1. **Build Index** - Create spatial index of all palaces ... 3. **Map Cross-References** ... 5. **Analyze Patterns** - Track and optimize based on usage
Install only if you understand which palaces are indexed; add or verify controls for palace selection, source review, retention, and clearing/rebuilding indices.
The skill or its dependencies may request or use sensitive credentials in a way that is not clear from the user-facing documentation.
The credential contract is inconsistent: the requirements say no credentials are needed, but capability signals indicate OAuth or sensitive credential use without explaining which account, token, or scope is involved.
Required env vars: none ... Primary credential: none ... Capability signals: requires-oauth-token; requires-sensitive-credentials
Before installing, confirm why OAuth or sensitive credentials are signaled, what service they belong to, and what permissions they grant.
Following the documented commands may rely on code outside this review, which could have different permissions or behavior than the skill text suggests.
The documented workflows depend on an external plugin/script that is not included in this instruction-only package, so the referenced runtime behavior cannot be verified from the supplied artifacts.
For the full experience with agents, hooks, and commands, install the Claude Code plugin. ... python scripts/palace_manager.py search "authentication" --type semantic
Inspect the referenced plugin and palace_manager.py before using the command workflows, especially if they access private memories or credentials.