Agent Memory System Guide
Security checks across malware telemetry and agentic risk
Overview
This is a coherent local-first memory workflow skill, but it intentionally creates and reuses persistent local notes, so users should manage privacy and review import/export actions.
This skill appears suitable if you want a local, file-based agent memory workflow. Before installing, be comfortable with the agent reading and updating workspace memory files, keep passwords/API keys out of those notes, review remembered facts periodically, secure any exported backup zips, and use import `--clean` only after confirming the target workspace.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Old or inaccurate memory notes could affect later agent responses, and private profile details may be repeatedly reused.
The skill explicitly tells the agent to load persistent local notes into context at conversation start, which is expected for a memory system but can influence future behavior if stale, overly broad, or poisoned content is stored.
先读 SESSION-STATE.md,再读最近 1-3 天 daily notes,最后才做 memory_search。
Keep memory files concise, review them periodically, remove secrets or obsolete instructions, and treat remembered notes as context rather than unquestionable truth.
Using import or clean-restore incorrectly could overwrite or remove workspace memory notes and attachments, though the docs describe a pre-import backup.
The helper CLI can restore and clean the supported memory surface. This is documented, scoped, and backed up, but it still changes user memory files.
默认导入是保守模式:会先做导入前备份... 如果你要让受支持的记忆面与备份包保持一致,使用 `python3 scripts/memory_capture.py import --clean --workspace /path/to/new-workspace --input /path/to/memory-backup.zip` 做 clean restore。
Run import commands only on the intended workspace, keep the pre-import backup, and use `--clean` only when you really want the backup archive to replace the supported memory files.
Users will be executing included local helper code to create or inspect memory files.
The skill is described as instruction-only, but its documented setup includes running a packaged Python helper. This is disclosed and purpose-aligned, not hidden.
Run `python3 scripts/memory_capture.py bootstrap --workspace /path/to/workspace`.
Run the helper from the installed skill package you intended to install, and review the target `--workspace` path before executing commands.