Shared Memory between Lobsters
Pass
Audited by VirusTotal on May 13, 2026.
Overview
Type: OpenClaw Skill
Name: shared-memory
Version: 1.0.2
The skill bundle is designed to manage shared memory via the Ensue network. The `scripts/shared-memory.sh` script retrieves the `ENSUE_API_KEY` from environment variables or local configuration files (`~/.claude/plugins/.../.ensue-key`, `~/.clawdbot/clawdbot.json`) and uses it to authenticate API calls to `https://api.ensue-network.ai/`. The `SKILL.md` includes troubleshooting steps that instruct the agent to display the `ENSUE_API_KEY` and grep its configuration file, which are legitimate debugging actions for an agent skill. All observed behaviors are directly aligned with the stated purpose of interacting with the Ensue API and lack any evidence of intentional malicious activity such as unauthorized data exfiltration, persistence, or harmful prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your Ensue API key could be displayed in terminal output or conversation context during troubleshooting.
The troubleshooting instructions tell the agent/user to print or grep locations that may contain the API key. If the command output is captured in the chat or logs, the credential could be exposed.
echo $ENSUE_API_KEY
grep -A2 'ensue-learning-memory' ~/.clawdbot/clawdbot.json
Check only whether a key exists, or mask/redact the value before showing command output. Avoid pasting API keys into chat or logs.
The skill may operate with an Ensue account credential you configured elsewhere.
If ENSUE_API_KEY is not set, the script looks for Ensue credentials in local Claude plugin cache files and later in ~/.clawdbot/clawdbot.json. This is related to the stated provider, but it means the skill may use an existing local credential rather than only a key explicitly supplied for this skill.
key_file="$HOME/.claude/plugins/cache/ensue-learning-memory/ensue-learning-memory/0.2.0/.ensue-key"
if [ -f "$key_file" ]; then
    cat "$key_file"
Confirm which Ensue API key is being used and revoke or rotate keys that should not be available to this skill.
A mistaken grant could share or allow changes to more memory than intended.
The skill exposes permission-management commands that can grant broad read/write/delete access to memory namespaces. This matches the skill purpose, but it is high-impact authority.
`grant org <action> <pattern>` ... **Actions**: `read`, `create`, `update`, `delete`
Use the narrowest namespace pattern possible, avoid org-wide grants unless necessary, and require explicit user confirmation before permission changes or deletions.
Other users may be able to read or influence shared memory that agents rely on later.
The skill is designed to share persistent memory and subscribe to memory changes. Shared persistent memory can affect future agent context if permissions are too broad or if untrusted users can write to shared namespaces.
Share memories and state with other users ... `subscribe <key>` | Get notified on changes
Share only intended namespaces, separate private/shared/public memory carefully, and review active permissions and subscriptions.
