Engram
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: Developer: Version: Description: OpenClaw Agent Skill The OpenClaw AgentSkills bundle defines a skill for persistent semantic memory. It installs the `engram-memory` npm package, providing the `engram` binary. All instructions in `SKILL.md` demonstrate the use of this binary for memory operations like adding, searching, ingesting, exporting, and importing data. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts to subvert the agent's behavior beyond the skill's stated purpose. File operations (`engram export > backup.json`, `engram import backup.json`) are confined to the skill's own data management.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill also installs and runs code from the engram-memory npm package.
The skill relies on an external npm package for its CLI. This is expected for a CLI-based memory skill, but users are trusting that package's implementation.
node | package: engram-memory | creates binaries: engram
Install only if you trust the package source and keep it updated through normal package-management practices.
Facts, preferences, decisions, or raw conversation text stored in Engram may reappear in future agent context.
The skill is designed to retrieve and reinforce prior memories across sessions, which is purpose-aligned but means outdated, sensitive, or incorrect memories could affect later work.
Always recall before working. Accessed memories get salience-boosted.
Avoid storing secrets or highly sensitive material, and verify recalled memories before relying on them for important decisions.