v1.0.1

smart-memory-lite (Automaton)

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 7:54 AM.

Analysis

The skill mostly matches a local memory helper, but it persists conversations and its clear function leaves separate daily conversation logs behind, so sensitive data may remain after users think it was deleted.

Guidance: Install only if you want persistent local conversation memory. Avoid storing secrets, choose a dedicated storage path, confirm any import/export/clear actions, and manually delete the configured memory directory if you need to fully remove saved conversations.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
index.js
this.storagePath = options.storagePath || './memories'; ... async exportToFile(filePath) { ... fs.writeFileSync(filePath, JSON.stringify(data, null, 2), 'utf8'); } ... async importFromFile(filePath) { const data = JSON.parse(fs.readFileSync(filePath, 'utf8'));

The local file read/write APIs are expected for memory backup and import, but they accept caller-provided paths without visible scoping or confirmation.

User impact: If an agent uses unsafe paths, it could write backups to unintended files or import unwanted memory content.
Recommendation: Use only user-approved paths, keep storage and backups in a dedicated directory, and require confirmation before import, export, or clear operations.
Agentic Supply Chain Vulnerabilities
Severity: Info | Confidence: High | Status: Note
metadata
Source: unknown; Homepage: https://github.com/openclaw/skills/smart-memory-lite

The registry metadata does not identify a verified source, even though a homepage is listed. The included package is small and has no dependencies, so this is a provenance note rather than evidence of malicious behavior.

User impact: Users have less assurance that the packaged artifact corresponds to the advertised project.
Recommendation: Verify the package against the listed repository or install only from a trusted, reproducible source.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Concern
index.js
fs.writeFileSync(conversationFile, JSON.stringify(conversations, null, 2), 'utf8'); ... /** Clear all memories */ async clear() { this.memories = []; this.saveMemories(); }

The code writes saved messages to daily conversation files as well as memories.json, but clear() only empties memories.json. This means conversation content can remain on disk after the advertised clear operation.

User impact: Sensitive past conversations may remain stored locally even after a user believes they have cleared the skill's memory.
Recommendation: Update clear() to delete the conversations directory or document that users must manually delete the storage folder; users who need a full purge should remove the configured memories directory.