Aura for OpenClaw
PassAudited by ClawScan on May 10, 2026.
Overview
The skill is coherent and appears local-only, but it can store selected document contents and agent memories persistently on your machine.
This appears safe to install if you want local document search and persistent agent memory. Be careful about which folders you index, avoid storing secrets in memory, and periodically prune or delete ~/.aura/memory and any .aura archives you no longer need.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you index private folders, their contents may be stored in a local .aura archive and later surfaced in answers.
The compile script is designed to read a user-chosen directory and write a local knowledge archive, which is core to the purpose but may retain sensitive document content.
Local Files Read: User-specified input directory
Local Files Written: User-specified .aura output fileIndex only intended folders, choose output locations carefully, use PII masking when appropriate, and delete archives you no longer need.
Remembered information may be recalled or used later, including sensitive preferences, project details, or operational facts if you store them.
The skill intentionally stores facts, preferences, and rules persistently so they can influence future sessions.
| **`/fact`** | Verified facts, user preferences, learned rules | Persistent — survives indefinitely |
Avoid storing secrets, review memory usage periodically, and use the documented prune or wipe options when information should no longer be retained.
The external package performs the main document parsing, archive, and memory operations, so its version and dependencies affect the skill’s behavior.
The setup instructions rely on an external Python package, and the install commands do not pin an exact version.
pip install auralith-aura ... pip install 'auralith-aura[all]'
Install from a trusted package source, consider pinning a known-good version, and review the package and optional extras before using it on sensitive documents.