Engram
PassAudited by ClawScan on May 1, 2026.
Overview
Engram's artifacts describe a coherent local memory tool, with the main caveats that it installs an external npm CLI and will persist and reuse stored conversation context.
This appears reasonable if you want a local persistent memory tool. Before installing, be comfortable with the npm package dependency and remember that anything stored or ingested may influence future agent sessions.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill also installs and runs code from the engram-memory npm package.
The skill relies on an external npm package for its CLI. This is expected for a CLI-based memory skill, but users are trusting that package's implementation.
node | package: engram-memory | creates binaries: engram
Install only if you trust the package source and keep it updated through normal package-management practices.
Facts, preferences, decisions, or raw conversation text stored in Engram may reappear in future agent context.
The skill is designed to retrieve and reinforce prior memories across sessions, which is purpose-aligned but means outdated, sensitive, or incorrect memories could affect later work.
Always recall before working. Accessed memories get salience-boosted.
Avoid storing secrets or highly sensitive material, and verify recalled memories before relying on them for important decisions.