Engram
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill also installs and runs code from the engram-memory npm package.
The skill relies on an external npm package for its CLI. This is expected for a CLI-based memory skill, but users are trusting that package's implementation.
node | package: engram-memory | creates binaries: engram
Install only if you trust the package source and keep it updated through normal package-management practices.
Facts, preferences, decisions, or raw conversation text stored in Engram may reappear in future agent context.
The skill is designed to retrieve and reinforce prior memories across sessions, which is purpose-aligned but means outdated, sensitive, or incorrect memories could affect later work.
Always recall before working. Accessed memories get salience-boosted.
Avoid storing secrets or highly sensitive material, and verify recalled memories before relying on them for important decisions.