Hierarchical Memory
Review
Audited by ClawScan on May 10, 2026.
Overview
This skill appears to be a local memory organizer, but its helper script can write outside the intended memory folders if given unsafe names or parent paths.
Install only if you are comfortable maintaining persistent local memory files. Before using the helper script, patch or carefully control branch names and parent paths, keep backups of memory files, and avoid storing secrets in the memory hierarchy.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or crafted branch name or parent path could create, overwrite, or append to files outside the intended memory folders, damaging workspace files or poisoning future memory context.
The CLI arguments `name` and `parent_file` are used directly in filesystem paths without slug validation, path normalization, or containment checks; `open(..., "w")` can also overwrite existing files.
file_path = f"{base_path}/domains/{name.lower()}.md" ... with open(file_path, "w") as f: ... full_parent_path = f"/root/.openclaw/workspace/{parent_file}"
Restrict branch names to safe slugs, reject `..`, slashes, absolute paths, and control characters, resolve paths before writing, require paths to remain under the intended memory directory, and refuse overwrites unless the user explicitly confirms.
Incorrect, sensitive, or manipulated memory entries may persist and influence later tasks.
The skill intentionally creates persistent memory that future agent sessions may load and rely on.
This skill provides a structured method for managing long-term memory ... Always start by searching `MEMORY.md` ... Update `MEMORY.md` ... Maintain a `recent_delta.md`
Review memory files periodically, avoid storing secrets or highly sensitive data, and treat memory content as user-maintained context rather than trusted instructions.
