Fractal Memory
Warn
Audited by ClawScan on May 10, 2026.
Overview
Fractal Memory is purpose-aligned, but it stores and reloads broad personal memory, can send daily logs to an external model automatically, and references an unreviewed scheduled helper script.
Install only if you are comfortable with persistent local memory and scheduled rollups. Before enabling cron, remove or review the missing update_now.py call, decide whether daily logs may be sent to the deepseek model, fix hardcoded paths, and add clear rules to avoid storing secrets or treating memory files as trusted instructions.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private daily notes or conversation history may leave the local workspace through the model call, especially if the daily rollup is scheduled to run automatically.
The script puts the full daily diary content into an LLM prompt and sends it to an OpenClaw model named deepseek by default.
USE_LLM = True ... LLM_MODEL = "deepseek" ... **原始日志:**\n{content} ... subprocess.run(['openclaw', 'ask', '--model', LLM_MODEL, '--'], input=prompt, ...)
Make external LLM use explicit before installation, disable USE_LLM unless intended, choose an approved provider, and avoid logging secrets or sensitive personal data.
Sensitive, inaccurate, or malicious text can be preserved in memory and influence later agent behavior across sessions.
The skill encourages broad persistent memory capture and then instructs future sessions to reload those memory files.
Write to `memory/diary/YYYY/daily/YYYY-MM-DD.md` immediately. Don't rely on memory—write it down. ... Add to your AGENTS.md: ... Read `memory/diary/YYYY/daily/YYYY-MM-DD.md` ... Also read `MEMORY.md`
Use explicit logging rules, exclude secrets and untrusted instructions, periodically review memory files, and treat stored memories as data rather than authoritative instructions.
The cron job may fail, or it may execute whatever local file named scripts/update_now.py exists in the user's workspace, which is unreviewed by this artifact set.
The scheduled daily command references scripts/update_now.py, but that file is not present in the supplied file manifest.
"message": "Execute daily memory rollup: cd ~/.openclaw/workspace && python3 scripts/rollup-daily.py && python3 scripts/update_now.py. This compresses today's diary entry into this week's summary. Log the result."
Remove the update_now.py call unless the user has reviewed that script, or include the script in the skill package with clear documentation.
The agent may continue running memory maintenance tasks after setup, even when the user is not actively working in a session.
The skill documents enabled recurring agent turns for daily, weekly, and monthly memory rollups.
"sessionTarget": "isolated", "wakeMode": "next-heartbeat", "payload": { "kind": "agentTurn" ... }, "enabled": true
Create cron jobs only if recurring background memory updates are desired, review each payload, and keep instructions for disabling or deleting the jobs.
The script may fail, write logs to an unexpected location, or behave inconsistently with the documented ~/.openclaw/workspace setup.
This helper writes memory logs to a hardcoded author-specific absolute path instead of the current user's configured workspace.
WORKSPACE = Path("/Users/brianq/.openclaw/workspace")
Replace hardcoded paths with Path.home() or a configurable workspace path before use.
