Memoria Memory System
PassAudited by ClawScan on May 1, 2026.
Overview
The skill is coherent with its memory-management purpose, but users should understand that it creates persistent assistant memory, local backups, and optional scheduled maintenance.
This skill appears benign and purpose-aligned. Before installing, be comfortable with persistent local assistant memory, review the ./memory contents periodically, avoid saving secrets, and use rollback, --fix, and cron automation only when you understand their effects.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Information saved into this memory may be reused in future sessions and could affect later assistant responses.
The skill is explicitly designed to store personal facts, conversations, and current context as long-term memory, which is core to its purpose but means sensitive or incorrect information may persist and influence later assistant behavior.
Stores factual knowledge, concepts, and general information... Personal facts and key information ... Records events, experiences, and conversations with timestamps ... Holds current session context and active tasks.
Review what is written into memory, avoid storing secrets, and periodically inspect or clean the memory directory.
A rollback can replace the current memory state and may discard recent memory entries if run incorrectly.
The rollback tool can overwrite the configured memory directory. It includes a confirmation prompt and safety backup, making the behavior disclosed and purpose-aligned, but it is still a high-impact local mutation.
read -p "⚠️ This will overwrite current memory. Continue? [y/N] " ... rm -rf "$MEMORY_PATH" ... tar -xzf "$backup_path" -C "$(dirname "$MEMORY_PATH")"
Use rollback only when needed, avoid --force unless certain, and verify the backup name before restoring.
If the user adds these cron entries, backups and automatic fixes may run regularly without further prompts.
The skill documents optional scheduled jobs that keep running after setup. This persistence is clearly disclosed and user-directed, but users should notice it before enabling cron.
Add to crontab for automated maintenance: ... 0 2 * * * cd /path/to/memoria-system && ./memory-backup.sh ... 0 3 * * 0 cd /path/to/memoria-system && ./memory-health-check.sh --fix
Only add the cron jobs if recurring maintenance is desired, and keep the schedule and --fix behavior under user control.
The skill may fail or behave unexpectedly if jq or tar is missing, and users have limited source provenance information from the registry metadata.
The registry metadata gives no source homepage and declares no required binaries, while the included documentation states the scripts require Bash, jq, and tar. This is a metadata/provenance and dependency-declaration gap, not evidence of malicious behavior.
Source: unknown ... Required binaries (all must exist): none
Verify the included scripts before use and ensure Bash, jq, and tar are installed if using the maintenance tools.