Agent Memory Framework
AdvisoryAudited by Static analysis on May 13, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private daily notes could be brought into shared or multi-person contexts and might influence or leak through the agent's responses.
Daily memory is described as raw logs, but the rules allow any session to read it. Because the same document distinguishes shared contexts such as group chats/Discord, this creates an overbroad path for private session notes to be loaded outside the main private session.
`日记忆 memory/YYYY-MM-DD.md ← 原始日志` ... `日记忆:任何会话都可读`
Restrict daily memory reads to private main sessions by default, or require explicit user selection and sanitization before using daily notes in shared contexts.
Future agent behavior could change because of unreviewed persistent edits to configuration or skill instructions.
This authorizes persistent edits to agent configuration or skill files based on the agent's own learned lessons, not just writes to the memory files, and it does not state that the user must approve those behavior-changing edits.
When you learn a lesson → update AGENTS.md, TOOLS.md, or the relevant skill
Require explicit user approval before editing AGENTS.md, TOOLS.md, or any skill files, and keep routine memory updates limited to the designated memory files.
If enabled, memory files could be read and rewritten on a schedule outside a direct conversation.
The skill suggests optional scheduled memory distillation. It is disclosed and no runnable cron job is included, but scheduled background maintenance is persistence that users should knowingly enable.
可配置 cron 定时执行蒸馏。推荐频率:每天 1 次,凌晨低峰时段。
Only enable cron-based distillation after reviewing the script or workflow, limiting it to the intended memory directory, and keeping logs of changes.