Memory Keeper
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
Memory Keeper largely matches its backup purpose, but it may record token-bearing Git remote URLs into persistent memory logs that can later be archived or pushed.
Use this only for memories and context you are comfortable archiving. Prefer a local or private repository you control, do not put tokens in Git URLs, scrub existing memory logs for secrets before pushing, and review any --allow-extra patterns carefully.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you use --commit and --push, the tool can update a Git repository with copies of your agent memory/context files.
The script can run Git add/commit/push operations against the archive when the user enables commit/push flags. This is expected for a Git-backed backup tool, but it can publish memory snapshots to a remote repository.
run_git_command(target, ["add", "."]) ... git_args = ["push", "--set-upstream", "origin", args.branch]
Use push only with a private repository you control, verify the remote URL before running, and avoid broad --allow-extra patterns unless you have reviewed what they include.
A personal access token or other credential could be exposed beyond the intended Git authentication flow.
The documentation explicitly suggests putting authentication material in the remote URL. Token-bearing URLs are easy to leak through Git config, logs, shell history, process listings, or this skill's own memory log.
remind you to configure your credential helper or embed the token/SSH key in the URL
Do not embed tokens in remote URLs. Prefer SSH agent authentication, a credential helper, or a short-lived token entered through a secure prompt; rotate any token already used in a URL.
Sensitive credentials or private repository URLs may become part of the agent's persistent memory and backup history.
The script writes the full remote string into memory/YYYY-MM-DD.md. Because memory/*.md is copied during later syncs, a token-bearing remote URL can be persisted and later archived or pushed.
f"(commit={commit}, push={push}, remote={remote or 'none'})\n"
...
handle.write(entry)
Sanitize remote URLs before logging, strip userinfo/tokens from existing memory logs, and avoid syncing or pushing archives until any exposed secrets have been removed and rotated.
