Drift
PassAudited by ClawScan on May 10, 2026.
Overview
Drift appears to be a local journaling/memory CLI for cross-session agent notes, with the main consideration that its saved messages can persist and influence future sessions.
Drift looks benign and purpose-aligned as a local cross-session note tool. Before installing, understand that it links a local CLI and writes persistent JSON thread files under the OpenClaw workspace by default; use it for reflections and questions, not secrets or instructions that future agents should obey without review.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing with `npm link` makes the `drift` command available from the local package, so running it executes this package's JavaScript.
The skill documents a global CLI link step even though the registry reports no install spec. This is normal for a local CLI, but it is still a local executable setup users should review before running.
cd /path/to/drift && npm link
Review the local files before linking, install only from a source you trust, and remove the link if you no longer want the command available.
Past notes, questions, or reflections may be shown to future agent sessions and could shape later decisions if treated as authoritative.
The tool intentionally stores thread messages in local JSON files for later sessions to read, which creates persistent memory.
const DRIFT_DIR = process.env.DRIFT_DIR || path.join(process.env.HOME || '/tmp', '.openclaw', 'workspace', 'drift', 'threads'); ... fs.writeFileSync(threadPath(thread.id), JSON.stringify(thread, null, 2));
Treat Drift entries as advisory notes, review them before acting, and avoid storing secrets, credentials, or untrusted instructions in threads.