v1.0.2

OpenClaw Memory Orchestrator

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 8:34 AM.

Analysis

The skill fits its memory-management purpose, but it can change persistent OpenClaw memories and supports optional remote memory infrastructure, so users should review it before installing.

Guidance: Install this only if you want it to manage OpenClaw's stored memory. Before running deduplication or canonicalization scripts, back up `~/.openclaw/workspace/memory`, especially `memory/index/memory-records.jsonl`. Keep remote vector database settings disabled unless you trust and control the remote service, and review the external GitHub package separately before installing the full feature set.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
scripts/dedupe-hm4d.py
removed.extend(group[:-1])
...
with JSONL_PATH.open('w', encoding='utf-8') as fh:
    for item in records:
        fh.write(json.dumps(item, ensure_ascii=False) + '\n')

The deduplication script removes older grouped records and rewrites `memory-records.jsonl` in place. The provided artifacts do not show a dry-run default, backup, confirmation step, or rollback mechanism.

User impact: A mistaken or overbroad deduplication run could remove useful long-term agent memories and affect future OpenClaw sessions.
Recommendation: Back up the OpenClaw memory directory before running mutation scripts, and prefer a dry-run/confirmation workflow before allowing the agent to rewrite memory records.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
For the full feature set, install the full package from GitHub: https://github.com/che52078/openclaw-memory-orchestrator

The reviewed ClawHub package directs users to a separate GitHub package for the full feature set. That external package is outside the supplied artifact set and may differ from the reviewed lite package.

User impact: Installing the external full package could introduce additional code or behavior not represented by the ClawHub artifacts reviewed here.
Recommendation: Review the external repository, its install scripts, and its dependency/provenance details before installing the full feature set.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Note
scripts/memory-token-pipeline.py
MEMORY_DIR = ROOT / "memory"
JSONL_PATH = INDEX_DIR / "memory-records.jsonl"
RAW_SUMMARY_DIR = MEMORY_DIR / "archive" / "raw-summaries"
...
secret_markers = ["api key", "token", "password", "private key", "bearer ", "ssh "]

The pipeline creates persistent memory records, indexes, and raw summary storage, and it explicitly recognizes credential-like content as sensitive. This is aligned with a memory orchestrator, but users should understand that private context may be retained and reused.

User impact: Conversation history, summaries, and possibly sensitive snippets could persist in the local OpenClaw memory store and influence later retrieval.
Recommendation: Avoid storing secrets in agent memory, review retention settings, and periodically inspect or prune the OpenClaw memory directory.

Insecure Inter-Agent Communication
Severity: Low | Confidence: Medium | Status: Note
scripts/memory-token-pipeline.py
DEFAULT_REMOTE_URL = os.environ.get("MEMORY_REMOTE_URL", "")
DEFAULT_REMOTE_COLLECTION = os.environ.get("MEMORY_REMOTE_COLLECTION", "conversation-index")

The artifacts define optional remote vector database configuration. The README states that the remote vector DB is disabled by default, but enabling it introduces an external data boundary for memory-related data.

User impact: If remote mode is configured, memory indexes or summaries may be stored or retrieved through infrastructure outside the local machine.
Recommendation: Keep local-only mode unless you trust the remote vector database, understand what data will be stored there, and have appropriate access controls.